1 on 1 with our DevOps Security Lead
Hannah McKelvie lives and breathes cyber security at Telstra because she knows how important it is to keep our software safe.
As part of her role as our DevOps Security Senior Lead, she looks after a talented team of security specialists and testers from our office in Perth.
We caught up with Hannah to get an insight into the innovative cyber security work we’re doing at Telstra and why she loves coming to work every day.
What is DevSecOps, and how is it different from what most companies do with cyber security now?
As part of the traditional software development release flow, security experts need to verify that what is being built is safe for release.
Now, with teams wanting to release to production much more frequently, our challenge is to figure out how to provide the same cyber security expertise but with much greater speed.
How have you been making sure security is forefront in your DevOps projects?
Collaboration and relationship building have been key to raising the profile of security within our DevOps teams.
Initially, we incubated our security subject matter experts into the DevOps teams and had people co-located to provide real-time security advice, governance, and skills uplift. They also helped introduce our early Automated Security Scanning technologies.
More recently, we have been working with all our DevOps teams to find people who are passionate about improving the quality of their solutions, specifically with respect to security.
These motivated individuals have enrolled into our Security Champion Program, which is a formal training program supported by technical sessions and online code remediation challenges in a competitive environment.
What are your tips for balancing security and continuous delivery when working on a team project?
It’s important to keep a risk-based view of the world, and one of the things you might want to consider is prioritising higher risk work to be delivered by more mature and sophisticated teams. This helps with balancing the complexity of work with delivery timelines.
At Telstra, we also encourage the Security Champions to advocate for security bugs to be included in the DevOps team’s backlog and ensure we don’t carry too much security-flavoured technical debt.
What are the day to day things about Telstra, which make it a great place to work for developers looking to try something new?
Telstra is ensuring we deliver solutions through a DevOps approach, which makes it an exciting and empowering place for our developers to work. We’re also transitioning to new ways of working, including Agile, which allows us to move at speed.