While public sector entities continue to leverage commercial off the shelf (COTS) technology, there will remain a need for custom build software in support of the mission. In order to properly develop, maintain, and support this custom software, agencies need to rely on an Application Lifecycle Management (ALM) approach. This approach brings together the tools, activities, and people to efficiently manage an application from its inception through its retirement. ALM is similar to the software development lifecycle (SDLC) which focuses mainly on the development of software. In contrast, ALM encompasses the lifecycle of development to maintenance and, finally, to decommissioning.
How ALM works in a given environment can vary according to the software development methodology being deployed. Traditionally, the waterfall development methodology was common in the public sector, but, increasingly, Agile or DevOps methods are being leveraged.
TD SYNNEX Public Sector’s ALM recommended vendors focus not just on the "development" portion of an application's life but also on the deployment, promotion, and ongoing management of the application until decommissioned. Key elements of an ALM toolchain include: software requirements definition and management, software change and configuration management, software project planning, with a current focus on agile planning, work item management, quality management, including defect management. Other key capabilities include: reporting, workflow, integration to version management, support for wikis and collaboration, strong facilities for integration to other ALM tools.
Regardless of your preferred development methodology, TD SYNNEX Public Sector has the right tools to support your Application Lifecycle Management initiatives.
Despite which development methodology is used, TD SYNNEX Public Sector's ALM framework has three distinct components: Governance, Development, and Operations.
- Governance
The governance component involves all decisions about the software. It starts with a basic concept developed by a business case. This is where the original concept gets expanded and tied to specific business strategies. The governance component also covers other aspects including user access, security, and resource management. - Development
The development component of the ALM integrates the SDLC. This phase of the software project covers all aspects of its development including planning, design, building, testing, and deploying it. For agencies using the waterfall methodology, development is done in stages. For companies using Agile or DevOps, the steps are fully integrated. - Operations
Operations is the third component of the ALM, which involves deploying the application and maintaining throughout its lifecycle. For agencies using the waterfall methodology, development and operations are completely separate. For companies using Agile or DevOps, they are an integrated, continuous process.
TD SYNNEX Public Sector ALM recommended products focus not just on the "development" portion of an application's life but also on the deployment, promotion, and ongoing management of the application until decommissioned. Key elements of an ALM solution include: software requirements definition and management, software change and configuration management, software project planning, with a current focus on agile planning, work item management, quality management, including defect management. Other key capabilities include: reporting, workflow, integration to version management, support for wikis and collaboration, strong facilities for integration to other ALM tools.
The public sector is more and more requesting their software be developed using the Agile Development method. Agile is an iterative approach to software development that emphasizes flexibility, interactivity, and a high level of transparency. Agile projects involve the frequent release of usable code, continuous testing (quality), continuous security, and acceptance that whatever you think you know now, the reality is, it’ll change.
In order to respond to these frequent application changes, IT Operations is impacted to provide the necessary resources and practices to deliver the service to end users. So service delivery and how the app and systems interact are a fundamental part of the value proposition to the agency as well, and so the product team needs to include those concerns as a top level item.” From this perspective, DevOps is simply extending Agile principles beyond the boundaries of “the code” to the entire delivered service.
TD SYNNEX Public Sector provides technology that supports the notion that change is unpredictable and platforms and practices should be highly flexible and adaptable to be able to accept modifications regardless of the employed software development and deployment practices in order to give stakeholders a highly available, scalable, reliable, secure, and high quality work product.
The application development landscape in the public sector has undergone vast changes over the past decade. The shift from Waterfall and on-prem to Agile and cloud computing platforms, shared storage and data, and more dynamic applications has brought enormous benefits to government organizations, which are looking to become more efficient.
While DevOps has increased speed, scale and functionality of applications, the application lifecycle model needs more robust security to meet compliance requirements. DevSecOps was introduced to meet this challenge and to bring development, operations and security together.
This approach makes security equal with development and operations in the application lifecycle and it ensures that security is at the forefront when developing and deploying applications.
TD SYNNEX Public Sector's Secure Software Factory helps public sector organizations accelerate their journey to DevSecOps by providing a framework that U.S. federal agencies and state, local and education (SLED) organizations can use today to create, deploy and operate applications in a compatible, flexible and secure manner.
By following the framework outlined in the Secure Software Factory, government agencies and educational organizations can save money by bundling solutions they know are compatible, increase velocity by automating the steps in an application’s development, and increase quality and consistency by providing a baseline architecture that can be easily followed and replicated.
The Secure Software Factory starts with planning and integrating code, moves to running automated tests, checks for cyber vulnerabilities from both source code and binary dependencies, deploys the application to production, and then provides the ability to monitor and operate the application in production while continuously checking for potential vulnerabilities. Whether an agency or educational organization runs its workloads in the Cloud, on-premise or in a hybrid environment, the Secure Software Factory can meet their business needs and accelerate their organization’s software delivery in a secure fashion.
Benefits of TD SYNNEX Public Sector’s Secure Software Factory include:
- Cost Avoidance
- By verifying the applications before deployment, the Secure Software Factory enables government agencies and organizations to streamline application development without the risk of implementing incompatible solutions. This allows organizations to avoid the use of valuable capital that would otherwise be spent purchasing individual applications.
- Increased Velocity
- The Secure Software Factory is a cloud-enabled framework that automates all the steps in a modern software delivery process leveraging containers running in a Kubernetes environment. The Secure Software Factory simplifies the implementation process, allowing developers to focus on aspects of individual applications, reducing the risk of design flaws and code defects, which cuts down on the time to deployment.
- Improved Quality and Consistency
- The Secure Software Factory provides a baseline architecture that helps address design and development challenges, exposes architectural decisions and mitigates risks early in the development cycle. By using a baseline architecture, government agencies and organizations can develop applications that consistently meet standard of quality requirements.
- Existing Integrations
- Many of the tools within the Secure Software Factory integrate with each other, which means less connectivity issues and troubleshooting for your teams.
The Secure Software Factory allows TD SYNNEX Public Sector’s channel partners to leverage an end-to-end framework of best-of-breed tools, today, to meet their public sector customers’ mission requirements.
TD SYNNEX Public Sector supports channel partners by distilling the the Secure Software Factory concept and tying it their own go-to-market strategies. This approach helps channel partners better shape the unique Secure Software Factory value proposition to enhance discussions with government agencies and educational organizations.
Channel partners also have access to workshop/demo solutions that gives government agencies and educational organizations the ability to use the framework of automated tools in a demo environment.
Old software development models are too linear, have rigid procedures, limit communications and the ability to collaborate, which makes it difficult to quickly update and deliver software to all stakeholders. The Secure Software Factory delivers applications quickly and gets end-user feedback rapidly, so changes can be incorporated faster and more efficiently. This is achieved by delivering smaller iterations of application version, automating the deployment process, and facilitating collaboration and communication between development, security and operation teams. The result is improved application speed and quality at a lower cost.
Learn more about the Secure Software Factory from one of TD SYNNEX Public Sector’s SMEs.
Choosing the best technology in a sea of tools can be overwhelming, especially in the public sector where procurement can be a long and arduous process and making the wrong choice could set an organization back significantly as they evolve towards a DevSecOps culture. Each month, join TD SYNNEX Public Sector's App Life specialists, who combined have over 70 years of software development and sales experience, as we interview guests from the public sector arena (technology companies, SIs, agency executives, VARs, etc.). If you have an interest in learning about cutting edge technologies, or hearing about more mature technologies and their journeys of success (and learned failures along the way) in the Public Sector space, we think this podcast is for you.
Episode List
DLT DevSecOps Podcast — Pilot Episode – June 9, 2020. Length: 1:04:36
Interested to learn more about TD SYNNEX Public Sector's Secure Software Factory (SSF)? This podcast episode lays the foundation on the history of the SSF (why we built it), considerations TD SYNNEX Public Sector took when building the framework, our approach to software/application development, why the SSF is important for the Public Sector, it’s relevancy to the channel (VARs, ISVs, and Sis), and the long term strategy behind the SSF.
ContinuousX Podcast: Episode 2 — Featuring Red Hat – June 30, 2020. Length: 46:03
During this podcast episode you’ll hear about why TD SYNNEX Public Sector picked Red Hat to be a significant technology provider for the Secure Software Factory. Hear how Red Hat is providing leading / innovative technologies and their views on next generation workloads, how they’re future proofing agencies environments and securing hybrid clouds, and more.
ContinuousX Podcast: Episode 3 — Nicolas Chaillan – July 29, 2020. Length: 40:17
Join TD SYNNEX Public Sector and special guest, Mr. Nicolas Chaillan, who was appointed as the first Air Force Chief Software Officer. This episode provides insight on DevSecOps in the DoD by a highly qualified and sought after thought-leader. As the Air Force's senior software czar, Mr. Chaillan is responsible for enabling Air Force programs in the transition to Agile and DevSecOps to establish force-wide DevSecOps capabilities and best practices, including continuous Authority to Operate processes and faster streamlined technology adoption.
ContinuousX Podcast: Episode 4 — Featuring Dynatrace Public Sector DevOps Leaders – August 10, 2020. Length: 55:54
Join TD SYNNEX Public Sector and Dynatrace in discussing the progression and potential future of mature technologies within the Public Sector space. Dynatrace takes a deep technical dive into their solutions and offers their expertise as a leader in the Application Performance Monitoring space (10 straight years in Gartner’s magic quadrant).
ContinuousX Podcast: Episode 5 — Featuring Dr. Ron Ross – September 3, 2020. Length: 59:41
Please enjoy this wide-ranging conversation with our special guest Dr. Ron Ross, a Fellow at the National Institute of Standards and Technology (NIST), as we discuss the future of DevSecOps in the Public Sector and so much more. For the past 17 years, Ron has focused on the areas of information security and risk management while leading the Federal Information Security Management Act (FISMA) implementation project, which includes security standards and guidelines for the federal government, contractors, and US critical information infrastructure. Earlier this year Ron decided to pivot and create a DevSecOps framework, which we will discuss in great depth as to what it is and why it was a necessary development.
ContinuousX Podcast: Episode 6 — Featuring Derek Weeks – October 5, 2020. Length: 40:29
This episode's distinguished guest is the Vice President of Sonatype, Derek Weeks. We are thrilled to have him on ContinuousX as he works very closely in an arena we feel very passionate about: accelerating DevSecOps in the public sector. Derek is a DevOps advocate and the co-founder of All Day DevOps, which now has over 95,000 IT professional members. In this episode we take a deep dive into the benefits of Open Source Solutions, what advice could be given to agencies looking to adopt or proliferate Open Source, what some of the deficiencies and risks agencies unintentionally accept with more traditional development practices, and much more.
ContinuousX Podcast: Episode 7 — Featuring Appian's VP of Global Public Sector Business: Jason Adolf – November 11, 2020. Length: 38:51
Interested in the improvement of Public Sector customer experience, achieving operational excellence and simplifying global risk management and compliance? If so, this thought-provoking podcast interview with TD SYNNEX Public Sector and Appian's Vice President of Global Public Sector Business is for you! Appian's low code automation platform accelerates the creation of high-impact business applications and many of the world's largest organizations, including agencies across the public sector. During this conversation, we ask Jason to share his knowledge and industry-leading expertise around all things Low Code — why this technology crucial in the Public Sector space and how this differs from traditional development. We hope you learn and enjoy this episode as we did!
ContinuousX Podcast: Episode 8 — Featuring Ryan O'Daniel, Federal Sr. Systems Engineer for Sysdig – January 12, 2021. Length: 41:20
Today we will be discussing DevOps (and more) with Ryan O'Daniel - Senior Federal Systems Engineer at Sysdig. Today we will discuss with experts: Advice for agencies attempting to achieve a Continuous ATO practice with containers, challenges an agency might face in monitoring and identifying container issues, how container based platforms may be affected by "zero-trust" network postures... and so much more! Join us in another journey to understanding the importance of DevSecOps in the Public Sector.
ContinuousX Podcast: Episode 9 — Featuring Rusty Sides, SE Manager – US Public Sector, Checkmarx – March 17, 2021. Length: 24:55
Tune in to our latest episode of the ContinuousX podcast, featuring Rusty Sides, SE Manager – US Public Sector, Checkmarx. Rusty has over 23 years of software development, sales engineering, team management, and security consulting experience. Listen now for a deep technical dive with Rusty and our TD SYNNEX Public Sector host's Rick Stewart, Mike Fitzurka, and Don McLean as we cover topics ranging from the UNC2452 hack to the validity of software supply chains.
ContinuousX Podcast: Episode 10 — Featuring Chris Randvere, Solution Engineer for Redgate – March 17, 2021. Length: 16:05
We are excited to announce the launch of our 10th episode on this podcast! In this episode we feature a tech leader from @Redgate: Chris Randvere has over 30 years of experience in the IT industry and is currently a Solution Architect at Redgate. Redgate makes life easier for development, operations, and IT leaders by solving the database challenges in delivering software at speed.
ContinuousX Podcast: Episode 11 — Featuring D2IQ – June 16, 2021. Length: 33:19
During this podcast episode, you’ll hear about why TD SYNNEX Public Sector picked D2iQ to be a significant technology provider for the Secure Software Factory. Hear how D2iQ is providing secure, enterprise-grade, multi-tenant Kubernetes environments for public sector agencies while maintaining continuous monitoring across multi and hybrid clouds.
ContinuousX Podcast: Episode 12 — Feat. Cornerstone Technical – June 23, 2021. Length: 21:35
During this podcast episode, you’ll hear about why TD SYNNEX Public Sector works with valued service providers like Cornerstone Technical to evangelize and implement the Secure Software Factory. Hear Jared Patrick discuss the critical componentry, best practices, and technology used to promote hygienic workloads using a software supply chain mentality within a DevOps culture.
ContinuousX Podcast: Episode 13 — Feat. Kevin Greene, Parasoft, Part 1 – August 16, 2021. Length: 9:55
Join DLT for the first of a two-part series with our guest, Kevin Greene, who is Director of Security Solutions at Parasoft. In this first episode, we get to know Kevin better by hearing his background and experience identifying innovative automated testing technology and its important role in the DevSecOps cultural transformation. Since testing is such an enormous topic to explore, we had to break it into two parts!
ContinuousX Podcast: Episode 13 — Feat. Kevin Greene, Parasoft, Part 2 – September 9, 2021. Length: 16:59
Join TD SYNNEX Public Sector for the second of a two-part series with our guest, Kevin Greene, Director of Security Solutions at Parasoft. In the first episode, we got to know Kevin better by hearing his background and experience identifying innovative automated testing technology and its important role in the DevSecOps cultural transformation. Since testing is such an enormous topic to explore, we had to break it into two parts!
ContinuousX Podcast: Episode 14 — Feat. Clinton Herget, Snyk – October 15, 2021. Length: 24:12
Why is knowing what is in your software important to DevSecOps and continuous software development and deployment? Listen to Clinton Herget, Principal Federal Solutions Engineer at Snyk, describe the importance of knowing your ingredients to your software workloads enhances software quality and how the public sector is providing compliance guidelines to assist with enhancing software supply chains.
ContinuousX Podcast: Season 2, Episode 1 - Feat. Kaitlin Bulavinetz – January 14, 2022. Length: 8:32
Join us on a new season of TD SYNNEX Public Sector's ContinuousX Podcast with Kaitlin Bluavinetz, Chief of Staff to the Chief Software Officer of the United States Air Force where we discuss overcoming DevSecOps cultural challenges.
ContinuousX Podcast: Season 2, Episode 2 - Feat. Kaitlin Bulavinetz – January 31, 2022. Length: 7:12
Join us as we continue our discussion on TD SYNNEX Public Sector’s ContinuousX Podcast with Kaitlin Bulavinetz, Chief of Staff to the Chief Software Officer of the United States Air Force. Today we discuss the USAF's new approach to a Continuous Authority to Operate (cATO).
ContinuousX Podcast: Season 2, Episode 3 - Separation of Duties Coexisting Within DevSecOps – February 14, 2022. Length: 12:09
Join us as we take on the Separation of Duties principles and its ability to exist within a DevSecOps culture, in our head-to-head point-counterpoint style discussion.
ContinuousX Podcast: Season 2, Episode 4 - Improvising Provisioning with USAF's Kaitlyn Bulavinetz – February 23, 2022. Length: 6:30
Join us as we conclude our discussions on TD SYNNEX Public Sector's ContinuousX Podcast with Kaitlin Bluavinetz, Chief of Staff to the Chief Software Officer of the United States Air Force. Today we look at improving the provisioning processes to meet the accelerated pace within the US Air Force.
ContinuousX Podcast: Season 2, Episode 5 - On the DevSecOps Mission with Kessel Run’s James Edmonds – March 14, 2022. Length: 8:14
Join us as we discuss Kessel Run's DevSecOps mission on TD SYNNEX Public Sector's ContinuousX Podcast with James Edmonds, Project Manager for Kessel Run's Dagr application.
ContinuousX Podcast: S2 E6: On the Joy of DevSecOps with Kessel Run’s James Edmonds – March 25, 2022. Length: 11:28
Join us as we discuss the joy of working with DevSecOps and Kessel Run's unique culture and working environment on TD SYNNEX Public Sector’s ContinuousX Podcast with James Edmonds, Project Manager for Kessel Run’s DAGR application.
ContinuousX Podcast: Season 2 Episode 7 - On Kessel Run's Insights with James Edmonds – April 5, 2022. Length: 8:46
Join TD SYNNEX Public Sector’s ContinuousX Podcast on our concluding episode with James Edmonds, Project Manager for Kessel Run's DAGR application, as he shares insights from Kessel Run's operational successes and from overcoming their challenges with DevSecOps principles.
ContinuousX Podcast: Season 2, Episode 8 - On Modernizing Monolithic Applications in the Public Sector – April 21, 2022. Length: 17:23
Join TD SYNNEX Public Sector's ContinuousX Podcast team as we share thoughts on modernizing monolithic applications in the public sector.
ContinuousX Podcast: Season 2, Episode 9 - With Cliff Berg on Agile 2: The Next Iteration of Agile – May 9, 2022. Length: 19:58
Today we welcome a special guest, Cliff Berg, co-author of the book Agile 2: The Next Iteration of Agile, as we discuss his work and why he and his fellow Agilists decided that it was time to pivot to Agile 2.
ContinuousX Podcast: Season 2 Episode 10 - With Cliff Berg on Agile 2: The Next Iteration of Agile – May 19, 2022. Length: 10:49
Today we welcome a special guest, Cliff Berg, co-author of the book Agile 2: The Next Iteration of Agile, as we discuss his work and why he and his fellow Agilists decided that it was time to pivot to Agile 2.
ContinuousX Podcast: Season 2 Episode 11 - With Cliff Berg on Agile's Unintended Consequences – June 6, 2022. Length: 10:49
Today we're continuing our in-depth discussions on Agile 2: The Next Iteration of Agile, with our special guest and co-author, Cliff Berg. Today we finish last episode’s discussion with further bits of truth, gemba walking and data architecting in an agile way.
ContinuousX Podcast: Season 2 Episode 12 - With Cliff Berg on Agile Challenges in the Public Sector – June 16, 2022. Length: 18:43
We conclude our conversations with special guest Cliff Berg, co-author of Agile 2: The Next Iteration of Agile, focusing on public sector challenges and viewing software as a living organism.
ContinuousX Podcast: Season 2 Episode 13 - With Cliff Berg on Agile Challenges in the Public Sector – July 1, 2022. Length: 8:42
On this episode, Rick Stewart and I discuss the controversial term of NoOps with our TD SYNNEX Public Sector Solutions colleague, friend and Application Lifecycle Sales Manager, Jason Quattlebaum.
ContinuousX Podcast: Season 2 Episode 14 - On NIST’s Secure Software Development Framework (SSDF) – August 10, 2022. Length: 13:00
On this episode, Jason Quattlebaum, Rick Stewart and Mike Fitzurka discuss NIST’s Secure Software Development Framework (SSDF) and how it compares with DLT’s Secure Software Framework (SSF).
ContinuousX Podcast: S2 E15 — With Google's Jamie Duncan on the Benefits of Kubernetes – August 29, 2022. Length: 12:38
On this episode, Rick Stewart and Mike Fitzurka are joined by Jamie Duncan, friend, colleague, and Google Engineer as we discuss the benefits of Kubernetes for application modernization efforts.
ContinuousX Podcast: S2 E16 — With Google's Jamie Duncan on the Pluggable Design of Kubernetes – September 9, 2022. Length: 9:15
On this episode, Rick Stewart and Mike Fitzurka continue our Kubernetes discussion with Jamie Duncan, Google Cloud Engineer, on the design goals of Kubernetes, how it can be extended in both good and weird ways, and on whether you should really do-it-yourself.
ContinuousX Podcast: S2 E17 — With Google's Jamie Duncan on the Right Modernization Mindset – September 26, 2022. Length: 14:57
On this episode, our guest Jamie Duncan, Google Cloud Engineer, joins Rick Stewart and Mike Fitzurka to discuss the right mindset when modernizing by focusing on ROI and not (necessarily) the fads, and why it is more important than ever to find out what is hiding inside your VMs in order to right-size them for the cloud.
ContinuousX Podcast: S2 E18 — With Google’s Jamie Duncan on the Fundamental Interconnectedness of AI Things – October 7, 2022. Length: 11:59
On this episode, Rick Stewart and Mike Fitzurka ask their guest Jamie Duncan, Google Cloud Engineer, to pick the topic. What follows is a fascinating look at how easy it is now to connect with Artificial Intelligence and Machine Learning (AI/ML), offering unique opportunities beyond traditional programming and development.
ContinuousX Podcast: S3 E1 — Announcing TD SYNNEX Public Sector With Trey Bostick – October 20, 2022. Length: 15:19
To kick off the new season of TD SYNNEX Public Sector's ContinuousX Podcast, Rick Stewart and Mike Fitzurka meet with Trey Bostick to announce the new TD SYNNEX Public Sector organization, a powerhouse by design, with our continued focus on application lifecycle technologies for the public sector.
ContinuousX Podcast: Season 3 Episode 2 - OMB’s Memo M-22-18 on Self-Attestation on Secure Software Development – November 2, 2022. Length: 11:41
This is our public sector, public service announcement on the recent Office of Management and Budget’s memo requiring attestation for NIST’s secure software development and supply chain management practices. Join hosts Rick Stewart and Michael Fitzurka as they discuss the ramifications of the latest guidance and what this means for open source software in the public sector.
ContinuousX Podcast: S3 E3: With Checkmarx’s Peter Chestna on Governmental Challenges with ATO – November 20, 2022. Length: 6:20
On our latest ContinuousX podcast, Checkmarx’s CISO Peter Chestna discusses the challenges of Continuous ATO in the public sector. Join him and our hosts Rick Stewart and Michael Fitzurka as they explore utilizing strong guardrails within automated CI/CD pipelines to address ATO, Separation of Duties and SBOM management.
ContinuousX Podcast: S3 E4: With Checkmarx’s Peter Chestna on Everything-As-Code Everywhere All at Once – November 30, 2022. Length: 10:00
On our latest ContinuousX podcast, Checkmarx’s CISO Peter Chestna explore everything (and I mean everything!) as code; infrastructure, security, pets vs cattle, automated Continuous Deployment, shift-left controls, The Phoenix Project’s Brent vs a Mack Truck, the continuous knowledge gap unsolved by Hello World, Victorian Era craftsmanship vs Industrial Revolution mass production, the 80/20 solution and detecting drift.
ContinuousX Podcast: S3 E5: With Checkmarx’s Peter Chestna on Security Risks with Microservices – December 15, 2022. Length: 8:04
On this episode, the ContinuousX team again has a fascinating discussion with Peter Chestna, CISO of North America at Checkmarx, on how security layers in microservices differs from the old monolith that you are breaking down, and how to establish each microservice as its own security island.
ContinuousX Podcast: S3 E6: With Kubecost’s Chris Reynolds on FinOps in the Public Sector – January 23, 2023. Length: 6:17
Beyond Finance and DevSecOps, FinOps brings vital financial understanding into the daily decision-making processes of development and operational teams. Join the ContinuousX podcast team as we discuss FinOps in the Public Sector with Kubecost’s Chief Architect, Chris Reynolds.
ContinuousX Podcast: S3 E7: With Kubecost's Chris Reynolds on Combatting Cloud Sticker Shock – February 6, 2023. Length: 5:26
Join us again with our special guest Chris Reynolds, KubeCost's Chief Architect, as we discuss how FinOps can address the dreaded "cloud sticker shock" that affect so many teams when migrating fully to the cloud.
ContinuousX Podcast: S3 E8: With KubeCost’s Chris Reynolds on Why FinOps Deserves a Spot in Your Ops Practices – February 15, 2023. Length: 6:51
Our special guest Chris Reynolds, KubeCost’s Chief Architect, enlightens us on how proactive FinOps practices facilitate wider project collaboration with greater product ownership and accountability.
ContinuousX Podcast: S3 E9: With SteelCloud’s Brian Hajost on CBOMs: The Foundation for Security – March 9, 2023. Length: 4:54
The ContinuousX Podcast welcomes Brian Hajost, SteelCloud’s Chief Operating Officer, to discuss the Compliance Bill of Materials (CBOM) and how automating your CBOM serves as the bedrock for threat hunting, prevention, intrusion detection and all your security needs.
ContinuousX Podcast: S3 E10: With SteelCloud’s Brian Hajost on Implicit and Explicit Compliance and Control – March 23, 2023. Length: 5:32
We welcome back Brian Hajost, COO of SteelCloud, LLC as we discuss the importance of explicit compliance in the ATO and A&A processes as well as the benefits of using machine-readable CBOMs (Configuration Bill of Materials) to ensure closed-loop compliance reporting in production.
ContinuousX Podcast: S3 E11: With SteelCloud’s Brian Hajost on Automating Compliance-as-Code – April 5, 2023. Length: 6:50
Learn how to automate compliance-as-code for faster continuous authorizations and streamlined ATOs in the federal government from SteelCloud’s Brian Hajost on the next ContinuousX Podcast.
ContinuousX Podcast: S3 E12: The Rise of AI in the Public Sector -- Separating Fact From Hype With Dr. Sherry Bennett – April 21, 2023. Length: 16:59
In the latest episode of TD SYNNEX Public Sector's ContinuousX podcast, hosts Rick Stewart and Mike Fitzurka talk to Dr. Sherry Bennett, Chief Data Officer at TD SYNEX Public Sector. In this insightful episode, Dr. Bennett shares her expertise on the rise of AI and helps separate fact from hype in the public sector.
ContinuousX Podcast: S3 E13: Accelerating Digital Transformation with Platform Engineering: A DevSecOps Perspective – May 8, 2023. Length: 15:35
In this episode of TD SYNNEX Public Sector’s ContinuousX Podcast, join hosts Rick Stewart and Mike Fitzurka as they explore the world of platform engineering and its impact on the public sector's digital transformation journey. Joined by expert guests Saurabh Chhatwal and Francisco Gonzalez from Google, they break down the buzzwords and define the methodology of platform engineering within the larger context of DevOps.
ContinuousX Podcast: S3 E14: Unlocking Innovation: The API-First Approach as a Catalyst for Public Sector Success – May 22, 2023. Length: 12:40
APIs are revolutionizing the way government agencies deliver digital services! In our latest podcast episode, join hosts Rick Stewart and Michael Fitzurka as they sit down with Saurabh Chhatwal, a Solutions Architect at Google, to discuss the proper mindset, key benefits and the challenges and opportunities of implementing an API-first driven approach in the public sector. Join the conversation and discover how APIs can enhance scalability, security, and user experiences.
ContinuousX Podcast: S3 E15: Building a Secure and Ethical AI Foundation in the Public Sector – June 1, 2023. Length: 15:39
Join us for the latest episode of TD SYNNEX Public Sector’s ContinuousX Podcast, where we delve into the world of DevSecOps and AI in the public sector. Our guest speakers, Saurabh Chhatwal and Francisco Gonzalez, Google Solutions Architects, share their insights on innovation, security, and practical strategies for adopting AI technologies.
ContinuousX Podcast: S3 E16: Proactively Securing Your Containerized Environments With Tom Hance – June 16, 2023. Length: 7:30
Join us on this episode of TD SYNNEX Public Sector's ContinuousX Podcast as we delve into the world of containerization and its unique security challenges. Our guest, Tom Hance, Director of Container Security at NeuVector, sheds light on the importance of proactive security measures in containerized environments. Discover how the adoption of containers has introduced vulnerabilities and risks, and gain insights on effectively mitigating these issues. From the limitations of visibility to the need for real-time prevention, this conversation uncovers the key considerations for safeguarding your containerized infrastructure to stay ahead of potential breaches.
ContinuousX Podcast: S3 E17: Securing Containers With Layer 7 Controls and Zero-Trust: Best Practices With Tom Hance – June 29, 2023. Length: 10:20
Discover the secrets to safeguarding your containerized environments in the latest episode of the ContinuousX podcast. Join Tom Hance, Director of Container Security at NeuVector, as he unveils the game-changing best practices of layer 7 controls and zero-trust architecture. Don't miss out on this exclusive opportunity to enhance your security posture and unlock the potential of continuous deployment environments.
ContinuousX Podcast: S3 E18: Navigating the Ripple Effect: New NIST 800-53 Controls on Supply Chain Risk Management – July 17, 2023. Length: 8:01
In this episode of the TD SYNNEX Public Sector's ContinuousX Podcast, cybersecurity expert Don Maclean joins hosts Rick Stewart and Mike Fitzurka to discuss the significant updates in NIST's latest version of special publication 800-53. The focus of this revision is on supply chain risk management, bringing about a paradigm shift in how government agencies assess the security posture of their own systems and their suppliers.
ContinuousX Podcast: S3 E19: DevProtectOps: Securing Container Environments with Tom Hance – July 31, 2023. Length: 10:55
Join us in this enlightening episode of TD SYNNEX Public Sector's ContinuousX Podcast as we delve into the world of DevSecOps and container security. Seasoned expert Tom Hance, Director of Container Security at NeuVector, shares valuable insights on 'DevProtectOps'—a harmonious balance of 'Shifting Left' to build a solid foundation and 'Drifting Right' for robust attack prevention in production.
ContinuousX Podcast: S3 E20: NIST 800-53r5 Insights for the Public Sector: Impacts of New Supply Chain Controls – August 10, 2023. Length: 10:36
Delve into the evolving landscape of cybersecurity within the public sector with our latest episode of TD SYNNEX Public Sector’s ContinuousX Podcast. Join hosts Rick Stewart and Mike Fitzurka as they engage in an illuminating discussion with expert Don MacLean, Chief Cybersecurity Technologist at TD SYNNEX, about the profound implications of NIST Special Publication 800-53 revision 5 (NIST SP 800-53r5).
ContinuousX Podcast: S3 E21: Continued Insights on NIST 800-53r5: Supply Chain Assessments and Enhanced Scrutiny – August 25, 2023. Length: 9:50
Dive deeper into the world of cybersecurity as we continue our discussion on the significant developments of NIST SP 800-53r5. In this latest episode of TD SYNNEX Public Sector’s ContinuousX Podcast, our hosts, Rick Stewart and Mike Fitzurka, welcome back Don MacLean, Chief Cybersecurity Technologist at TD SYNNEX, for a focused look into what public sector partners can expect as agencies ramp up evaluations of vendors’ cybersecurity postures and supply chain integrity. This episode illuminates the importance, challenges, and opportunities of comprehensive supplier assessments, risk management of supply chain, and the potential impact of the public sector's enhanced scrutiny.
ContinuousX Podcast: S4 E1: Continuous Quality: Moving Beyond Testing Toward Meaningful Automation – November 3, 2023. Length: 13:08
Starting off the new season of the ContinuousX podcast, your host Mike Fitzurka interviews Arthur Hicken, Chief Evangelist at Parasoft, about implementing continuous quality. Join them for an insightful discussion on how to move beyond automated testing to achieve meaningful test failures that provide actionable insights.
ContinuousX Podcast: S4 E2: Testing in the Age of AI: Terminator or Collaborator? – November 16, 2023. Length: 14:56
How is AI transforming software testing? Tune in as expert Arthur Hicken of Parasoft joins host Mike Fitzurka to discuss the rise of artificial intelligence and machine learning in test automation. Gain insights on leveraging AI as a collaborator versus a replacer, using AI tools to enhance manual testing, considerations for training AI on custom code, and more.
ContinuousX Podcast: S4 E3: Self-Healing Tests: Using AI to Keep Software Testing Robust – December 5, 2023. Length: 16:21
What if your test suite could automatically fix itself? Host Mike Fitzurka and expert guest Arthur Hicken explore that intriguing concept around leveraging AI for self-healing tests.