Cloud Security Today
The Cloud Security Today podcast features expert commentary and personal stories on the “how” side of cloud security. This is not a news program but rather a podcast that focuses on the practical side of launching a cloud security program, implementing DevSecOps, and understanding the threats most impacting the cloud today.
Pockets of Innovation with John Chavanne
Episode Summary
On this episode, Solutions Architect at Palo Alto Networks, John Chavanne, joins Matt to talk about his career of innovation. John’s career spans over 20 years at HSBC before transitioning into DevOps and Cloud Solutions at Palo Alto Networks.
Today, John talks about his career arc, transitioning to cloud, and the value of communities of practice groups. Where should organizations start with deploying a CNAP? Hear about the challenges with deploying cloud platforms, and John’s greatest accomplishments.
Timestamp Segments
· [01:30] About John.
· [02:54] John’s career.
· [05:47] What is something that cloud makes easier?
· [07:09] Transitioning from network to DevOps and Cloud.
· [10:15] Starting the move to cloud at HSBC.
· [13:15] Cloud communities of practice.
· [18:47] Sharing code.
· [21:27] John’s biggest accomplishment.
· [23:23] Prisma Cloud.
· [26:25] Organizational challenges with deploying cloud platforms.
· [29:41] Where to start with deploying a CNAP.
· [33:54] How does John stay fresh?
Notable Quotes
· “You can test things out in the cloud and the price of failure is almost zero.”
· “Innovation happens in pockets.”
· “Reduce waste and build habits that reduce waste.”
Relevant Links
Recommended reading: The Toyota Way.
Kubernetes - An Enterprise Guide.
KodeKloud: https://kodekloud.com
Twitter: https://twitter.com/jjchavanne
Narrator (00:02):
This is The Cloud Security Today Podcast where leaders learn how to get cloud security done. And now your host, Matt Chiodi.
Matt Chiodi (00:14):
Hearing directly from practitioners about how they were able to help their organizations move from on-premises to the Cloud, at least to me is always interesting. On today's podcast, we have a special guest, John Chavanne, who is currently a solutions architect at Palo Alto Networks in their Prisma Cloud team. He's going to talk about his over 20 years of experience at HSBC. We're going to talk a little bit about his transition from the network side of the house to DevOps and cloud, and also just about how he was able to form a community of practice group at HSBC to pull innovation from different pockets of the organization into a centralized group. So I hope you enjoy today's podcast, again, we would love to hear your feedback. What is it that you want to learn about? What's important to you? Drop us an email, you can reach us at cloudsectoday@gmail.com.
(01:14):
John, thank you for joining us on the podcast today.
John Chavanne (01:28):
Yes, thank you so much, Matt, for having me.
Matt Chiodi (01:30):
Tell us a little bit about yourself, what do you do? And what is your role at Palo Alto Networks, let's start there.
John Chavanne (01:36):
My role is as a Cloud Security Solutions Architect. I'm primarily focused on the Prisma Cloud platform and I work on the channel team, a primary part of my role is enabling our partners; helping to build content to help them understand cloud security. As well as how they can protect against the security issues that are often found in cloud environments today.
Matt Chiodi (02:07):
That's awesome, that sounds like something that would be in pretty high demand.
John Chavanne (02:10):
Yes, that's no doubt; it is definitely in high demand right now. I think what's exciting for me is, to me it still feels like early days, Cloud's obviously been around for a while and now most companies are probably multi-cloud at this point. If not, they're going to be, and it's really challenging, there are a lot of things to think about, especially, if you are going multi-cloud. It's no more just thinking about what's in your on-prem environments, now, you have to multiply that two or three times to handle all these different public cloud environments, and it's a big challenge.
Matt Chiodi (02:54):
So let's start with your career arc, I love to go through my guests' backgrounds, I think this is always interesting. Let's start with your career arc; you were at HSBC, which is a really large bank for 23 years. 23 years is a long time.
John Chavanne (03:10):
It is.
Matt Chiodi (03:11):
Let's first talk about what kept you there and then your transition from network technician to Cloud DevOps Engineer.
John Chavanne (03:21):
I worked with a lot of great people, and I made a lot of great friends, by the way, I'm from Buffalo, New York. Buffalo is not a really big city, but it's obviously on the map, we have some sports teams, and it was a tight community here. I made a lot of great friends, it always felt comfortable to work there and to work with other people that you can trust, rely on, and learn from. It wasn't an odd thing for me to be there so long, but really what changed for me is, that I worked my way up the technical ladder through networking. I was a global lead architect, so I was doing design decisions and architectural decisions for parts of my organization in the telecoms area. Which was great, but around 2017 I really became interested in DevOps, there weren't many people I knew that were, and so for me, it was just something that I really wanted to learn some new things. I'm totally into the way the DevOps mindset is, and the culture, and so as I started to get into that I started to get into network automation. I picked up training from a small company called Network to Code which at the time actually was the only company offering that type of training. And then 2019 is when I really became interested in Cloud, and once I learned how to build stuff in the Cloud, I was hooked. It was so much easier to do things, and I started really enabling myself, and I started this cloud community of practice groups at HSBC. And then early 2020, I got a new role on the GCP Cloud engineering team as a DevOps Engineer, and I never looked back. It felt like a pretty big career change for me at that point in time, and honestly, I'm a very curious person, I love to learn and I felt like I was a kid again, it was just exciting to work on new stuff.
Matt Chiodi (05:32):
I love that, you sound like you're a constant learner, right? You don't want to be doing the same thing over and over again.
John Chavanne (05:41):
No, I think my biggest fear in life is boredom.
Matt Chiodi (05:44):
I can identify with that one, and I'm on the same page as you now. I want to go back to one thing that you said that I keyed in on; you said there were some things about Cloud that made things easier. Do you have any examples? What was something that you were used to doing on-prem that was a pain, and then when you moved to Cloud, you were like it's so much easier?
John Chavanne (06:07):
Yes, there are a couple of small things, trying to build infrastructure especially, throughout my career, I was sometimes the bad guy because we had the people teams and the application teams waiting on us to get all the networking done and get approvals. It slowed things down tremendously, and so when you start to realize how easy it is to spin stuff up in the cloud, it's a no-brainer for me. As a personal thing, I was starting to get into things where I was building VMs on my laptop, but there are a lot of things to think about, there are a lot of things you have to do to make sure you get the networking right and to get the OS loaded. Getting a lot of things set up can take some time and you can run into problems, so in the cloud, you can pick and choose whatever you want, you can spin stuff up, spin it down, and it is really simple and fast.
Matt Chiodi (07:09):
What was the hardest part of the transition from network to DevOps Cloud, and what were some of the specific things you did to get started? And I asked this question, John because I speak with a lot of different clients and customers around the globe, and there are people who are doing one thing and they know that the future is cloud and they want to get there, but I think a lot of times they don't know where to start. What was the hardest part of that transition for you and what were some of the things you did to get started?
John Chavanne (07:42):
Well, I'll kind of separate it from DevOps and Cloud, because I do kind of think even though they fit together, they're two separate things. Number one I would say is, to try not to get overwhelmed and distracted by all the tooling because there is a ton of tooling out there, it definitely can be overwhelming especially if you're coming from the infrastructure side as I did. I didn't do much coding or anything, so even just learning how to do basic scripting and stuff like that was an area that I focused on early on. There is a lot of material out there today that you can just go and look at, try to find simple examples, whether it's on Medium or somebody's blog post or whatever. You don't have to try to do it all at once, just start with a simple example, and the other great thing is that all the Cloud providers offer a free trial account. Pick a vendor; AWS, Azure, or GCP and sign up for a free trial, maybe you get started in the console, which helps to get your feet wet, and then try to learn something like Terraform. You can just take a template off of Terraform’s registry, that'll tell you okay, "I'm just going to build an AWS S3 bucket, or I'm just going to build a VM." Just copy that code, download the Terraform binary somewhere on your laptop and see what happens, it's actually not that hard when you start to test the stuff out, but again, don't get overwhelmed by the tooling, just start small, build something small, tear it down, and iterate on that.
Matt Chiodi (09:32):
I love it, I think you're right, and putting it another way, what you’re saying is, that you can test things out in the cloud and the price of failure is almost zero, right? If you make a mistake, it's not like you're doing it on a test network on your internal network where there might be a chance that it's connected to some other production system. I think the barrier there is a lot lower.
John Chavanne (09:58):
Yes, definitely, and the other advice I would give too is, to talk to other people that have some experience, people in your organization, and again, just look online. There are so many resources out there don't be afraid to ask questions, just try to learn.
Matt Chiodi (10:15):
It looks like you spent your last 18 months at HSBC knee-deep in Cloud. I think this is interesting because banks are notorious for being late adopters, especially when it comes to things like cloud, what were some of the key ways that you were able to get the move to cloud started?
John Chavanne (10:36):
HSBC is traditionally a very conservative company, it was interesting because at the time, and this is going back probably to 2017, our technical leadership really had a good vision and made a huge bet on the cloud. It was really cool because for me at the time, I was also simultaneously learning about the cloud and I got to be a part of that, so it really worked out well. And then the approach our company took was to build a secure perimeter in our Cloud environments and build direct links to our environment. So basically it was an extension of our data centers and our domestic network. We were very strict about what Cloud services we used, so nothing public facing was allowed at first especially not APIs that turned down public services. So server-less for example was a big no-no, and we worked really closely with the CSPs to ensure certain levels of security were met before we would enable new services.
Matt Chiodi (11:44):
I think those are some technical ways, right? And the year was 2017, right?
John Chavanne (11:52):
Yes, and at that time it was still pretty in early development, so the other thing that happened is we brought in consultants, and they built basically a team of external consultants that had experience all ready to get started. It started slowly, I wasn't there in the very beginning of it, because I was probably getting into cloud 2019, but it took time to be able to figure out what they were going to do, and how they were going to build stuff. Obviously, security is a huge thing, so a lot of things started an external development environment to test stuff out before they actually started to put it together inside the bank. Once things got going, it really ramped up and they brought in a lot more people and it was fantastic really because it allowed application teams to start moving much faster than again, going back to the example of how challenging it can be to build stuff in your on-prem environments and the delays that come with that.
John Chavanne (12:50):
So a lot of people got on board.
Matt Chiodi (12:54):
I'm curious, that move to Cloud, was that something that was led by a CIO level down type of thing?
John Chavanne (13:03):
Yes, (Inaudible 13:04) senior leadership, our top chief architect of the bank, and our global chief architect, those were big decisions that they said, "Yes, we're doing this."
Matt Chiodi (13:15):
You mentioned it, but I want to double-click on it now, you talked about this cloud community of practice group that you led with people from all over the company. It sounds like a great idea, but how did you move from talking about things to execution?
John Chavanne (13:33):
It was certainly challenging in the beginning, we started as a very small group of mostly individuals who either had little to no experience in the Cloud, but who like me were just very curious and interested in it. So we brought in guest speakers, sometimes individuals who successfully migrated or built a new application, but a central goal was always learning and sharing knowledge. So as time went on, the group grew and we shared more interesting things, and I ensured it was always a safe place for anyone to join no matter their knowledge or experience. It really helped empower a lot of folks to show off things they were working on and for others to see what was possible. And it allowed there to be this constant evolution of learning and growth for those that participated.
Matt Chiodi (14:23):
Was it primarily an educational forum or were you guys looking at trying to pull in where there was innovation happening in the different pockets of HSBC? What were you guys looking for in terms of the outcome? And the reason I ask is that I think this idea of a community of practice group specifically around Cloud could be something that listeners are potentially hearing about and thinking, oh, that might be something we want to do in our organization.
John Chavanne (14:52):
Yes, it goes against the way things operate in a company, it was a very organic and free-flowing community group. Leading the group, and I'm not saying this is right or wrong, it's just how I did it, but I really tried hard not to make anything too formal. It was important for me to allow anybody to, again, come into the room, they could have had no experience, and to be able to learn, that was definitely number one. But what we did when we had content to share, let's say it was a demo that somebody did; they automated some stuff, and that was kind of a common use case. A lot of what we talked about wasn't just Cloud, it was also the DevOps pieces, so we're moving something to the cloud, and how are we going to automate all this stuff? And they used existing tooling that we had in HSBC, and then they would talk about the processes and things that I had to go through to get approval on these tooling. What was awesome about that is, that once somebody shared that, they had those success stories, now we had a pattern to work from. So other people that were part of that group, they might've been from completely different teams from different parts of the globe who would've never talked to each other, but they just thought, "Hey, I just saw the finance team built this amazing application and pipeline, and they're automating stuff, and they're doing code changes twice a day, that's amazing, right?" They took that pattern then, which they would've never seen before, and now they're saying, I'm going to use the same thing. So the more we shared that stuff, that to me was what really made it successful, because again, HSBC was 250,000 people I think, and it's insane, right? So sharing things across teams or across the globe just didn't happen, and this was, again, an opportunity for us to kind of take down all the borders and the walls, there were no silos in this group.
It was like anybody and everybody who's interested would come on and participate, and once word started to get out that really helped a lot of people pick up things that they might have spent another six months trying to build it the same way. For me, from an execution standpoint, it was more about just continuously learning, continuously making things easier for others, so they didn't repeat mistakes or struggle through moving on, and being able to do their work in the cloud.
Matt Chiodi (17:33):
I think that's something that is going to be useful to the listeners simply because the larger the organization, the harder it is to innovate a lot of times; innovation happens in pockets.
John Chavanne (17:48):
Yes, absolutely.
Matt Chiodi (17:49):
And when you have these informal communities of practice that's where these ideas can really proliferate. And organizations that tend to be a little more conservative, and they're like "Hey, we don't want to be bleeding edge, we definitely don't want to be bleeding edge." This has been done, this has been proven elsewhere in the company, I think it lowers that barrier of willingness to try doing things a new way.
John Chavanne (18:11):
Yes, and I purposely made it safe; people spoke up who might not have spoken up, and I enjoyed it so much because it was just a unique thing. My prior 20 years never got to do anything like that, it was a really cool thing to be a part of and people really appreciated it. It was always nice when somebody learned something and they are like, "Oh my gosh, this would have taken me six months to do," it was very cool.
Matt Chiodi (18:48):
You mentioned in the example that when people were looking at not necessarily cloud per se, but when they were doing some DevOps things with automation and using things like Terraform, did you guys have a repository where you shared code? What did that look like?
John Chavanne (19:06):
Well, as time went on, there were lots of repositories, and it's a bit tricky; we did have some central repo with Terraform templates that were kind of tested through some teams as well as security that was approved. So yes, we did have like some templates to work from, but even with those templates, obviously, there's still going to be some fine-tuning and some additional changes that might be unique to one department than to another. But we did try to do that and it definitely helped some groups, and some other groups felt like, "I don't understand what I'm reading here," and so they started from scratch and built their own templates. But it definitely helped and we tried to do as much as possible, but even then it is such a big organization. There were definitely groups that just decided to build their own things because they were still siloed or maybe they had certain regulatory things that they had to abide by. And so they had stricter requirements when they were building their code versus somebody who is just building something that was fine to be public-facing and didn't need all those security requirements, they're like, "Yeah, I don't want to do that." You're going to have different opinions, anything you code or anything (Inaudible 20:25) is always going to be opinionated. So to answer your question, yes, it helped to a certain degree, and I think people try to reuse stuff where they could, and the more that we were able to do that it definitely made things easier for others.
Commercial (20:40):
Prisma Cloud secures the infrastructure, applications, data, and entitlements across the world's largest clouds, all from a single unified solution. With a combination of cloud service provider APIs in a unified agent framework, users gain unmatched visibility and protection. Prisma Cloud also integrates with any continuous integration and continuous delivery workflow to secure cloud infrastructure and applications early in development. You can scan infrastructure as code templates, container images, serverless functions, and more while gaining powerful, full-stack runtime protection. This is unified security for DevOps and security teams, to find out more, go to Prismacloud.io.
Matt Chiodi (21:27):
In 23 years, what accomplishments are you most proud of during your time at HSBC?
John Chavanne (21:34):
It's a hard thing to answer, I had a lot of successful projects even early in my career that I was really proud of at the time, but I think these last few years where I was given the freedom to lead others through my own influence whereby I successfully opened people's minds and enabled them to do things differently for the betterment of the organization and also people's own careers. Leading the community of practice groups was, I would say one of those efforts, and I also spearheaded a network transformation effort in 2018 where I brought the concept of net DevOps to my entire global telecoms organization; that was over 500 people. And what was cool about that is a lot of people told me they were really inspired by it including a lot of the management. And I'd say lastly, I went through a program that was internal to HSBC called the enterprise engineer program. I was elected into that in 2019 and I felt very fortunate at the time to be elected into it, and at the end of that program, I actually was given the enterprise engineer transformation award, for which I was only one of five people in the entire company to receive it. So that felt really good, especially because it affirmed that even though my efforts to educate and inspire and influence others never really attached any specific performance goals, the positive impacts I was having on others and the organization were really being recognized by senior leadership.
Matt Chiodi (23:23):
Let's fast forward to today, you're a solutions architect with Palo Alto Networks and you focus on the Prisma Cloud side of things. Prisma Cloud is a cloud-native application protection platform; this whole category of CNAP has gotten very popular over the last three years. And I constantly work with clients all over the globe who are looking at not just Prisma Cloud, but they're looking across the board at all the other players in that space. But from your perspective; you've helped a lot of customers, where do you see them struggle most when deploying the platform and what have you seen be most helpful in overcoming those challenges?
John Chavanne (24:08):
It's a big platform, so there's so much you can do with it, and I think sometimes customers aren't aware of many of the features and so they don't fully operationalize it. So I say the most successful customers that I've seen really embrace it though, and they invest their time in their staff to upskill them and have goals to drive efficiencies that align with their business goals of moving to the Cloud. Obviously, they're taking advantage of why you're going to the Cloud, increasing speed and scale with their code deployments. Organizations that recognize that get tremendous value out of Prisma Cloud because there's even proof in the Forrester report that we have up on our website that surveyed some of our customers, we're talking less than six months payback on the tool; I think it was 276 ROI. There are massive efficiency gains in both DevOps and SecOps teams, and I really urge any existing or new customer to read that report. And you have to think that security doesn't have to stand in your way, I think that's sometimes scary for a lot of folks, it's like there's so much to worry about in the world with cybersecurity and so forth, but Prisma Cloud really allows you to embrace security and bake it into your code and processes that gets your teams moving fast and safe. And so if you can look at that higher picture view you're going to really see the opportunities that you can get out of using Prisma Cloud as an entire platform.
John Chavanne (25:52):
And again, it really helps to get everything from all the ways from the left; your developers and your Devs and your DevOps engineers to bake stuff in early on. It gets those efficiency gains because your SecOps team isn't getting flooded with alerts and it helps to build the communication between the two groups without actually having to send nasty emails or spreadsheets of alerts or whatever. So to me, it's really getting the organization bought in and it brings a top-down approach to get everybody to be on board.
Matt Chiodi (26:26):
Have you seen challenges with deployment, whether it's Prisma Cloud or whether it's any other type of cloud-native application protection platform, have you seen issues with organizations where the deployment is not necessarily the technology, but it's more organizational, whether it be ownership? I think you mentioned that Prisma Cloud, the platform itself has expanded greatly over the last three plus years, whereas if you probably went back three years ago, it would've just focused on CSPM, cloud security posture management, whereas now it's covering pretty much every area of cloud security. Let's take the technical piece out of it, where do ownership and the organizational struggles usually come in when someone is trying to deploy a platform like that?
John Chavanne (27:15):
Let's say it's a security team that buys the product and they're focused on CSPM or CWP, which is our cloud workload protection. If that's all they're thinking about, then all they're looking at is runtime. So they're focused on, okay, I've got runtime alerts, I want to see the visibility of runtime, and all they're doing is throwing things back over the fence to the Devs and DevOps engineers, "Hey, go fix this, go fix this, go fix this," Devs and DevOps engineers don't want to keep hearing they've done things wrong, who does? From an organization standpoint, you need somebody who can lead and bring those two teams together. Prisma Cloud is an example and this could be on any other CNAP, but, I think we do a really good job of this; we have a platform here that can help both sides if we're talking again about our DevOps, Devs, and our security operations folks. If I'm a Developer and I'm a DevOps Engineer, and I can take security templates or bake security into my code right in the beginning, I'm excited about that, because that means that every fix I make early on that's less of an issue or it lets you one less alert I'm going to get each time. And the security operations folks are excited because they're like, "Well, great, you're fixing these issues, that's one less alert I have to look at." Because who wants to keep throwing stuff over the fence, right? That's not something that anybody really wants to do, so once you start to get common ground there and start to realize how you can use this platform again, to help your whole organization, all you really need then is just leadership to say, listen, this is our vision, this is what we want to do, we're going to make this better for all you guys, and here's why, and you explain that. To me, that's where an organization is going to be successful, and you're building code faster, your application's out there faster, there are business benefits to all of this.
Matt Chiodi (29:41):
So if a listener is thinking about deploying a CNAP, where should they start? How do they go about getting all the right teams lined up organizationally? What does that look like? What do you recommend based on your experience?
John Chavanne (29:54):
Yeah, it's not easy, I think the larger the organization, the harder that's going to be, speaking from my experience at HSBC, that's tough. I'm not going to sugarcoat it, but I'll go back to our senior leadership's decision to move to the cloud in the first place at HSBC right? You had senior leadership that says, this is what we're going to do, and you bring people in, and this is our vision, and this is where we want to go. And I could tell you, there was a lot of excitement when that type of decision was made, and senior leadership was the ones that were saying, we're going to do this. I think you have to take the same approach, teams shouldn't just find something that they like, and say, "Okay, I want to do this for my team," and then only keep it to themselves. I've seen a lot of that where, if I, again, go back to my GCP engineering team, if that's all we did was just pick something that worked for us and only did it for GCP, then we're kind of leaving a lot of other folks out because what's going to happen is another team is going to do the same thing and they pick something different. All of a sudden, now you got two different tools, and then all the other teams are going to do something and they may pick another tool. So it's very inefficient, so be courageous if you're one who's looking at that technical solutions and you want to be able to do something that you think can help your organization, speak up, escalate that up and say, "Look, this isn't just for us, this could help everybody." Because what are you going to do? You're going to benefit your organization, and let's face it, that could turn into better revenues if you're building things more efficiently if you're able to move your code faster and get your product out there faster. So think big is what I would say and get buy-in as much as you can.
Matt Chiodi (31:49):
It sounds like it's a matter of if someone's trying to deploy a Cloud-native application protection platform that is kind of holistic, and it covers all these different areas, it's naturally going to span multiple teams. There are going to be things in there, and it may look primarily like it is for security, but as you mentioned DevOps teams, it seems like there would also be benefits in there for those teams as well. So it sounds like it's a matter of aligning priorities, right? Because a DevOps team may have a different set of priorities than a security team, but at the end of the day, I think if there's maybe a way to align those and perhaps put some metrics around them, it may become more straightforward. I won't say easy, but it may become more straightforward in terms of how to deploy a comprehensive platform like that, does that sound about right?
John Chavanne (32:38):
Yes, absolutely, and you can easily align metrics to these things because again, if you're in a state where right now, every time somebody does a deployment, they've got to go through that deployment and alerts happen, the security operations team picks that up maybe a day, or two days later, it opens up a ticket that goes back to the team; another week goes by, and they fix it, so it's terrible. And I saw that that was not an uncommon thing to see where all of a sudden, it's two weeks, three weeks, and four weeks before things get fixed, and it just slows everything down. I think what's amazing about our platform is you can use it right in your IDE, do a scan that takes 10/30/20 seconds and you find remediations right there, you save so much time. So to me, yes, absolutely, build metrics around where are we at today and see what starts to happen. I think you'd be quite surprised how much you can improve on those metrics once you start getting folks bought into the process and using the platform.
Matt Chiodi (33:54):
So you mentioned that you get bored easily, it's one of your greatest fears. So tell us and your listeners how you stay sharp. How do you stay fresh? What are some books, and podcasts that you would recommend to the audience, and why?
John Chavanne (34:10):
I'm constantly looking at different things, but if I were to pick a book, I'll start from the ground up, so we're talking about DevOps, honestly, my personal favorite is The Toyota Way, and I think for me, it's the basis for DevOps and shift left. I actually like to simplify some of its key concepts and really apply them to all sorts of things in life, in fact, I don't know if anyone's ever said this before, but I personally use the phrase "shift left life" because every time I make a major purchase decision, I use this philosophy. If you read the book, you should walk away from it remembering two keywords, which are 'reduce waste' and 'build habits that reduce waste'. Waste can be time, waste can be repeated maintenance, waste can be all sorts of manual processes, waste can be security alerts, patching vulnerabilities, automating processes and baking security as far left as possible. Use tools that cover large numbers of use cases and make it easier for yourself, the better you get at reducing waste, the better DevOps and DevSecOps are going to be. And the second thing I would say is, I'm going to use a learning platform, so KodeKloud, which is spelled with two Ks, is by far, I think the best DevOps learning platform out there, I used it for both my two Kubernetes certifications, it was excellent. I'm a firm believer in learning by doing and KodeKloud just executes that perfectly. Honestly, I'd never really learned so fast with anything before, and Kubernetes is a complicated topic, right? There's also a lot of noise out there on learning and unfortunately not all good content, so the KodeKloud folks to me are experts teaching you many of today's key DevOps skills through simplifying complex topics and reinforcing learning through repeated hands-on practice. They've added a whole bunch of other new courses, I just actually took a Helm course which is great, I plan on taking my CKS course through them and they also have an Istio course.
There are all sorts of cool things, but by far and away, take a look at them, they've got a ton of great reviews because you definitely want hands-on learning and practice, they're great at that. And then lastly I'm going to pick a book on Kubernetes itself, it's a book called 'Kubernetes - An Enterprise Guide' by Scott Surovich and Marc Boorshtein; you can find it on Amazon. In fact, they just released their second edition and this book is more for advanced users for deploying Kubernetes at scale in the enterprise, but made simple by these guys and it goes well beyond what you would typically find anywhere else and it covers some really important topics for enterprise folks like internal and global load balancing, external DNS, authentication, RBAC, auditing, using Open Policy Agent, Istio, and deploying an entire GitOps platform with CI/CD.
Matt Chiodi (37:28):
So if our listeners want to connect with you, and if they want to find you online, what's the best way to do that?
John Chavanne (37:33):
It's funny you should ask that because working for a large global bank for so many years, I was trained to not share much publicly. I'm also an introvert, but I would say, by far I use LinkedIn more than any other platform. So just search my name, to connect with me, or you can send me a message if you like, and you can also find me on Twitter at @jjchavanne, but you might be disappointed because I think I have two followers, so if at least two of you out there decide to connect with me, you could double my following overnight. Maybe if that happened, I'll start using it more, I'm still getting used to not working for a big bank.
Matt Chiodi (38:17):
Well, John, it's been awesome having you on the podcast today; I appreciate your insights, thanks for joining us.
John Chavanne (38:22):
Yes, thank you so much, Matt, I really enjoyed this too.
Narrator (38:26):
Thank you for joining us for today's episode. To find out more, please visit us at Cloudsecuritytoday.com.