EPISODE 30: SAY GOODBYE TO ‘GIT BLAME’: BUILDING COLLABORATIVE AND SECURE SOFTWARE DEVELOPMENT LIFECYCLES
Welcome to Compromising Positions!
The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!
This week we are joined by James Charlesworth, a seasoned Director of Engineering at Pendo with 15 years of experience in software engineering. James is also the creator of the Train to Code YouTube channel, where he shares a wealth of excellent training videos on software development.
In this episode, Say Goodbye to ‘Git Blame’: Building Collaborative and Secure Software Development Lifecycles, we dive into some great topics aimed at saying goodbye to the blame game and hello to good app and product sec!
James talks us through his process of building up cross-functional empathy between his engineering function and the security team; why the engineering team might not be the best team to speak to if you’ve got a lot of vulnerable code and a step-by-step guide on how he excels in delivering product security in his organisation.
Key Takeaways:
Empathy-Driven Collaboration: James emphasises the importance of empathy when aligning priorities across inter-departmental teams. Whether it’s engineering or cybersecurity, understanding why people request specific tasks is crucial.
Shared Ownership of the Codebase: Forget the notion of “that engineer’s code.” James advocates for a hyper-collaborative approach where everyone takes responsibility for the codebase. Avoid the blame game (say goodbye to ‘Git Blame!’) and recognise that collective ownership leads to better outcomes.
Coding Literacy for All: Should security professionals learn to code? Absolutely! While not everyone needs to be an expert, having a basic understanding of coding helps bridge communication gaps. It enables security teams to comprehend technical issues and collaborate effectively with developers.
What is Product Security?: Product security isn’t an afterthought; it’s embedded throughout the development process. Prioritising security ensures a robust and reliable end product.
Learning from Errors: James encourages learning from coding errors early in the software development lifecycle.
Cowboy Coders and Robust Processes: James shares his thoughts on “cowboy coders”—those who cut corners.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review.
Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.
It really helps us spread the word and get high-quality guests, on future episodes.
We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
Keywords: cybersecurity, devsecops, git, coding, software development, SDLC, OWASP
Show Notes
About James Charlesworth
James is a Director of Engineering at Pendo, where he also serves as the site lead for the Sheffield office. With 15 years of experience in software engineering, he is committed to Pendo's mission to elevate the world's experience with software. An author and public speaker, James is passionate about diversifying the tech industry and actively works to help individuals from various backgrounds enter the field of software engineering. In addition to his role at Pendo, he also organizes the Sheffield AI Meetup, further fostering a community around artificial intelligence. James is not just a lifelong computer nerd; he's a leader committed to making an impact in technology and community.
LINKS FOR JAMES Charlesworth
James’ website
James’ LinkedIn