Managing Developer Velocity and System Security with DevSecOps
December 2022 • Podcast
Alejandro Gomez talks with Suzanne Miller about how his team explored—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps.
“You have these goals that you are trying to set. At the same time, there is a lot of complexity that needs to be managed. As we have seen the past couple of years, security is becoming an ever more important topic that not just developers have to be aware of but also executives and leadership.”
Software Engineering Institute
Software development teams often face tension among their objectives: they aim for a correct and secure product, and they also aim for development speed. During a recent customer engagement that involved the development of a continuous-integration (CI) pipeline, developers wanted to develop features and deploy to production, deferring non-critical bugs as technical debt, whereas cyber engineers wanted compliant software, enforced by having the pipeline fail on any security requirement that was not met. In this SEI Podcast, Alejandro Gomez, a researcher in the SEI’s CERT Division who worked on the customer project, talks with principal researcher Suzanne Miller about how the team explored—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps practices.
About the Speaker
Alejandro Gomez is a software engineer at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). He has served as a tech lead in multiple DoD projects, bringing technical excellence, bridging communication between management and software teams, and teaching and mentoring other developers. He has constructed Continuous Delivery/Integration software pipelines, built realistic simulations of 5G networks to test device trustworthiness, created tools to improve developer experience, and maintained the hardware/software infrastructure that runs the SEI’s internal projects.
Prior to joining CMU, Alejandro developed business-critical software in the real-estate, finance, and technology industries. He holds an MS in Software Engineering from Villanova University, where he performed research on the feasibility of blockchain communication in low-earth orbit satellites. He holds BAs in English and Economics from the University of Miami. He now lives in Pittsburgh with his wife and daughter.