At other devopsdays events that Mondoo visited this year, the main focus of the talks was security and compliance. (Obviously, this is a topic dear to us.) However, this edition was a bit different: Much of the focus was on people and their environment.
Focus on people
The first day started with a few talks about human interaction and management. In the afternoon the discussions centered around developing at a fast pace. Alex de Groot had an interesting presentation about the importance of privacy and how to incorporate it in software designs. We finished the day with a barbeque, bingo, and karaoke, where all attendees had the chance to socialize.
Day two was packed with talks on topics critical to our society as a whole:
- Anne Jan Brouwer presented to everyone the path he walked while implementing the CoronaCheck app that is used in the Netherlands.
- Christa Meck talked about the importance of mental health.
- Thatcher Peskens introduced the idea of an eco-friendly cloud provider.
Find and fix the security risks that pose the biggest threat to your business.
The nefarious
My talk, Supply Chain Security—Develop Quickly Without Inviting the Nefarious sparked the audience's interest. It inspired an open space discussion about DevSecOps in which people from multiple companies expressed their worries about difficulties keeping their infrastructures secure.
One of the main concerns we all agreed upon was the communication problem between developers and security engineers. We discussed an apparent barrier preventing people in these two roles from successfully discussing challenges and solutions. For many present, security was a gray area and the responsibility for it was unclear.
Some of the developers in the room pointed out that they already need to take care of coding, deployment, and maintenance. Increasingly, security is yet another burden they must carry, and they're not happy about that. The challenge for them is that security is difficult and complex, and the learning curve is very steep for a newcomer. They need software to guide them and facilitate communication with the security teams. Essentially, they expressed their need for a tool like Mondoo.
In the eight years I've lived in Eindhoven, this was one of the biggest tech events the town has seen. I had the opportunity to reconnect with friends and ex-colleagues, while also meeting new, like-minded people. I am grateful to the devopsdays organizers for all their work to make this conference a success—and for inviting me to present my topic. I look forward to next time!