Peter is a passionate technologist who helps organizations align with their customers' needs. He has hands-on experience in leading teams through adopting DevOps practices, cloud migration, and many other complex change initiatives. He brings a knowledge of the strategic execution needed for success at the different levels of an organization. Peter currently spends his time helping organizations break down barriers and create clarity and purpose by providing expert coaching and consulting. Peter is active in the community, spending his time writing and speaking about how to align security and compliance, data practices, and technology delivery with value streams and flow.
October 28 Day 2 - CGI Lithuania – Insights you can act on
Securing Your Pipes with a TACO
TACO stands for Traceability, Access, Compliance and Operations and is a set of 20 controls I use as a guideline for helping organizations define automated governance for their software delivery pipelines. However, the primary purpose of TACO is to provide a common language for the organization to understand what "good" pipelines mean for them and how to get there. This model allows for the creation of opinionated pipelines and helps create a common understanding across teams as to what is required in order to be secure. Taking a TACO approach can be considered a part of implementing a DevSecOps program and I’ve used this approach at multiple banks. Having this baseline helps build organizational confidence in the automation of software delivery. During the talk, I’ll run through the different categories of controls, how they are implemented, what their purpose is, and how to create robust feedback loops for controls.