Guest Blog: Marc Cluet on Epic Failures in DevSecOps Vol. 2.


Marc Cluet has been an instrumental part of DevOps Exchange, writing blogs, delivering insightful talks and helping to run our Barcelona contingency.

Marc has contributed code to several projects including Puppet, mcollective, Juju, cloud-init and helped create MAAS. He loves solving complex infrastructure problems and applying solid and repeatable solutions, he is also an expert in building up agile engineering

When he's not supporting our global DevOps Community, Marc Cluet is a Senior Partner Solutions Engineer at Hashicorp and has over 23 years of experience in the industry, including companies like Rackspace, Canonical, Trainline, DevOpsGroup, Nationwide Building Society and several startups across five different countries. 

A well-known name on the DevOps circuit, he has spoken in some of the most prestigious conferences including FOSDEM, LISA, OpenStack Summit, UDS, Puppetconf and several meetups. Marc is one of the organisers of London DevOps which is the second biggest DevOps meetup in the world, he also helps organise DevOps Exchange Barcelona and Barcelona Big Data. Marc is a DevOps Institute Ambassador. 

You can follow him on Twitter here (we can confirm he does indeed "swear a lot"). 

He has recently co-authored a book all about DevSecOps and we were thrilled to spot our Director's name in the acknowledgement section! We caught up with Marc to learn more about this latest publication; 

Why did you and your co-authors decide to write about Epic Failures in DevSecOps?
This book is an initiative by Mark Miller who organises DevSecOpsDays globally, he looked for people with experience and real-life scenarios in the market about DevSecOps and what kind of issues practitioners have met during their career, hoping that this helps the community when facing similar challenges.

Who is the book aimed at?
This book is aimed at any DevSecOps or DevOps professional who wants to have an entertaining read but also gain some knowledge about real-life solutions for problems they might be facing or face in the future.

What is the biggest failure you have seen within DevOps Security?
The biggest issue I have seen happening over and over again is trying to retrofit security into an already architected or developed solution, it is the worst-case scenario as it bolts security on top of what the application is already doing, this has been proven again and again to be the worst way to secure any workload.

The DecSecOps community keeps preaching for "shift left" on security, making sure that either the security team is directly involved starting at the planning phase or it has visibility of the process.

What should the reader expect to learn from reading the book?
It is quite an informal book of experiences with some ideas to fix issues with proven solutions, it helps not falling into the same issues and can give you some inspiration as well, this book is not intended to be a step by step guideline but more of a practitioners guide.

Where I can go if I want to learn more about DevSecOps?
We’re organising DevSecOps Days UK this year as well, due to covid-19 it has to be virtual but we’ll be running it on Friday, Dec 4th 2020, you can sign up here.

And finally, where can I purchase the book?
The book is available for purchase on Amazon.

Find out more about DevSecOps Days UK today (they're still accepting talk proposals - get in touch!).