DevSecOps Training with Intention

Interview with Tracy Bannon, Senior Principal/DevOps Architect at MITRE

In a recent LinkedIn post, Tracy Bannon, a pioneering DevSecOps expert and senior principal software architect with MITRE, advocates for structuring training into development programs. As she wrote in the post, “We cannot allow our people and our teams to be completely self-taught in their free time!”

For starters, she suggests structuring security training around the 70:20:10 model: 70% on-the-job experience, 20% informal training, and 10% formal training. She also advocates letting developers break things so they can learn to improve quality. Tracy, who prefers the title “real technologist,” calls this “training with intentionality,” which should be embedded into every DevOps organization.

She is a proponent of team and individual learning and feels that training should be a formal part of any DevOps employment program. As one method of learning, that training should encourage developers to break applications, for example in an interactive hackathon. As she says, “Let’s DAST it together, and let’s have a team cheer when someone finds or breaks something.”

In this video interview, we discuss how to utilize training effectively while encouraging continuous education.
