Interview with Peter Bevan, our Chief Platform Engineer - The world of DevSecOps at D&G
When did you join D&G?
*Checks Notes*…. April 2022 apparently… it’s been a very, very fast six months!
What does your journey to Chief Platform Engineer at D&G look like?
- Left school at 17
- Got a job as IT Technician Grade 3 at Liverpool University ~1997
- Got bored and learned to write Perl so I could make a web forum for my mates
- Got really bored and left to write Perl for a living
- Spent most of my early 20s building services for .com boom start-ups and ISPs
- Built some SMS-based conversational interfaces a good decade too soon
- Helped build a sports video network that delivered video content to mobile phones
in a “world before Youtube and iPhones” (if you can imagine such a thing)
- CTO for an Event Ticketing comparison service
- CTO for a sports-based social media network
- Web App architect for Centrica Hive (met Seb – now D&G’s CTO)
- Principle Engineer @ Goco
- Principle Engineer / DevSecOps @ VM
- …. and finally D&G
What does your team do at D&G?
We (the Cloud Centre of Enablement) are responsible for providing the cloud platform upon which all our services and application are built.
We work with our InfoSec team to secure our cloud environments and SaaS tools, and to supply development practices and automations to our development teams.
Our product development squads are given standardised pipelines, useful infrastructural patterns, helpful guidance and whatever else we can do so ensure they are free to focus on solving their own domain goals. Oh, and we also work closely with vendors across the industry to onboard new tools and SaaS products.
What is an example of DevSecOps?
One example would be: Having all your code deployed into a cloud environment automatically from a repository via a pre-built pipeline which tests and security scans code before deploying it. Another one could be: Engaging with your security and QA colleagues at the design phase rather than just after the first deployment.
What tools are used in DevSecOps?
Communication, Openness, Collaboration, Diversity & Trust (But also: AWS, GCP, Azure, Git Hub, GitLab, CodePipeline, Checkov, SonarQube, OWASP, Snyk,
Veracode, Checkmarx, Rapid7, Shell Scripts, Typescript, Python, etc…)
How do I start a career in DevSecOps?
Learn a discipline (software engineering, ops, or security) to some extent and work in that domain in a production environment for a while. Maybe do a bootcamp, a Code Academy course or a bunch of AWS certifications. Use that experience to discover how much you don’t know about the rest of the stack and see if that lights up your interest.
When I started out if you knew how to plug-in a printer people thought you were a borderline-genius, and the only qualification you needed for a job in tech was to know more acronyms than the person interviewing you. In 2022, there’s a lot more to know, a lot more to deploy and a lot more security threats to consider.
So, what do I know…? … maybe it starts when you send Domestic & General your CV!
Is coding required?
Yes! The ‘Dev’ part of DevSecOps implies the automation of operational process via the medium of code – it’s the best part of what we do: Freeing up the human intelligence of our fellow workers by automating away as much as we possibly can.
What do you love most about your job?
Bringing my fellow workers joy!
What would you say to a techie thinking about joining Domestic & General?
If you’re a technologist with a strong interest in building and owing products, a person with care and respect for the people and processes you engage with every day and a desire to build a truly world- class tech platform – come talk to us, cause that's exactly what we’re doing.