Nickolas Means Talks About Security, Devops Velocity, Blameless Orgs, And Conferences Infosec Should Attend BrakeSec Education podcast

Nickolas Means talks about Security, Devops velocity, blameless orgs, and conferences infosec should attend

2+ y ago 1:14:50

Content provided by Bryan Brake, Amanda Berlin, and Brian Boettcher. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Bryan Brake, Amanda Berlin, and Brian Boettcher or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

Guest info

Name and Title:

Nickolas Means, VP of Engineering at SYM

Email/Social Media Contact:

@nmeans on Twitter, @[email protected] on Mastodon

Time Zone (if other than Pacific):

Central (Austin, TX)

Show Topic Summary / Intro

We welcome Nickolas Means to the stream. Nick is the VP of Engineering at Sym, the adaptive access tool built for developers. He's been an engineering leader for more than a decade, focused on helping teams build velocity through trust and autonomy. He's also a regular speaker at conferences around the world, teaching more

effective software development practices through stories of real-world engineering triumphs and failures.

He’s also the co-host of “Managing Up” a podcast with Management tips, stories, and interviews to help navigate the challenges of managing creative and technical teams.

Questions and potential sub-topics (5 minimum):

'blameless environment' during an incident. We can discuss working an incident and if a 'blameless' environment the exception or the rule (stories from the trenches are always welcome)

Building a compliance program without tanking your engineering velocity... I'd like to speak about that in terms of overall security (product security, scanning, license checks, and more)

Is there a playbook to building more efficient dev and security teams? Can cross training dev in basic security, or security in sprint planning processes make a better experience for all?

Will we ever solve ‘shifting left’? What does Shifting Left really mean to engineering teams, or is that a term security people created to try and speak ‘dev/eng’?

‘Managing Up’... security is often asked to do a lot. Be STO when you don’t manage the resources, timeline, etc. When teams are small, you’re either in the operational/tactical, when management wants a ‘tactical/strategic’ view. What can the overall business do to create a good working relationship out of the gate? “Make a dashboard” is all well and good, except when your org lacks maturity across the board. What are some realistic expectations management should have when the company is small? (I will provide additional context during the stream)

Additional information / pertinent Links (would you like to know more?):

https://managingup.show/ - Managing Up Podcast “Management tips, stories, and interviews to help navigate the challenges of managing creative and technical teams.“

https://symops.com/ - Adaptive access management tools built for engineers

https://www.ted.com/talks/brene_brown_the_power_of_vulnerability?language=en

https://www.terraform.io/

https://news.stanford.edu/2022/12/05/explains-recent-tech-layoffs-worried/

Show Points of Contact:

Amanda Berlin: @infosystir @hackershealth

Brian Boettcher: @boettcherpwned

Bryan Brake: @bryanbrake @[email protected]

Website: https://www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec

Youtube: https://youtube.com/c/BDSPodcast

463 episodes