An image depicting two contrasting approaches to IT change management, tailored to the themes of your blog post. On one side, it illustrates traditional IT change management with a formal, structured setting, and on the other, it shows a dynamic DevOps approach. This visual captures their shared goal of risk reduction.

Change Management in Development and Operations

While looking into IT Service Change Management, and primarily in accordance with ITIL, there was one thing that stood out. There seems to be a disconnect between the the development point of view and how change management is implemented by operations. With that I mean that the implementations I have seems to be more applicable for finished product than with software developed in house. The change management processes works when a change is either adding a new product or installing a new version....

May 11, 2024 · 2 min · Oskar Edbro
A picture of a coastal landscape, blurry except for through a camera lens held up in the middle of the image.

Different Kinds of Cybersecurity

In the world of cybersecurity there is a lot of specific definitions, a type of insider lingo that we assume that everyone agrees on the definition of. However, herein lies the problem. We assume, without discussing. I have ended up in multiple discussions that occurs due to different interpretations of a definition. In this post I’ll give my view of one of the biggest differences of definition that I have seen, namely what we include in the term cybersecurity....

August 27, 2023 · 4 min · Oskar Edbro

Comments on the use of Open Source

After the devastating vulnerability in Log4j last month we’ve seen some changes in how companies view open source. The ones whom previously had no policies at all have now began looking into this. For now the main thing we see is asking the question about where Log4j has been used, but that will likely change to. It is important for all the users of open source to understand the nature. You cannot just expect or pressure the maintainers to update their software....

January 6, 2022 · 2 min · Oskar Edbro

Measuring Security, OWASP SAMM

When working with cybersecurity in any development organization it is inevitable that management asks the difficult question. The question that puts us in a very difficult position of grasping the current status of the organizations security efforts. The question I am talking about is as follows, or a version of: How far have we come in our work with cybersecurity? It is an understandable question. We need to see that the time and money put into security are adding value to the business....

September 26, 2021 · 4 min · Oskar Edbro

Security Professionals Have to be More than Nay-Sayers

A couple of weeks back I had a very interesting meeting at work. After meeting a new development team and discussing security (testing), they commented on how great it was to work with a driven and interested security engineer instead of a nay-sayer. This got me thinking about the overall view of security professionals from others, and realised that we are often seen as a hindrance. This line of thinking arose once more after reading the “Report on the 2020 FOSS Contributor Survey” [1]....

December 15, 2020 · 2 min · Oskar Edbro