DevSecOps Training with Intention

Posted On

by

Interview with Tracy Bannon, Senior Principal/DevOps Architect at MITRE

In a recent LinkedIn post, Tracy Bannon, a pioneering DevSecOps expert and senior principal software architect with MITRE, advocates for structuring training into development programs. As she wrote in the post, “We cannot allow our people and our teams to be completely self-taught in their free time!”

For starters, she suggests structuring security training around the 70:20:10 model: 70% on the job experience, 20% informal, and 10% formal training. She also advocates letting developers break things so they can learn to improve quality. Tracy, who prefers the title, “real technologist,” calls this “training with intentionality,” and it should be embedded into every DevOps organization.

She is a proponent of team and individual learning and feels that training should be a formal part of any DevOps employment program. In that training, encourage them to break applications as one method of learning, such as an interactive hackathon. As she says, “Let’s DAST it together, and let’s have a team cheer when someone finds or breaks something.”

In this video interview, we discuss how to utilize training effectively while encouraging continuous education.

Additional Resources:

Other Posts

Check out all other blog posts and stay informed.

view all posts