IT Ops Query

Christopher Crowley is an independent consultant and senior instructor at the SANS Institute, who has 20 years of experience managing and securing networks. He is considered a leading expert in building a security operations center, or SOC, and authored the SANS 2024 SOC Survey report in May, which focused on the top challenges facing security operations.
In this episode, Crowley's survey provides an entry point for a bigger-picture discussion about the last 20 years of SecOps, the pros and cons of cloud-based SOCs, the trough of disillusionment with AI and predictions for the future.

The number, magnitude and costs of cyberattacks have steadily escalated, year after year, for the last two decades as software has eaten the world. Fresh vendor products continue to proliferate to address increasingly sophisticated threats, but time-honored problems with human error, systems visibility and vulnerability remediation continue to plague security operations (SecOps) teams. When even the world's largest tech companies continue to be breached by attackers, what hope is there for everyone else that software-based security disasters won't continue to spiral? In this season of IT Ops Query, beginning on September 5,  you'll hear from a range of experts about the mounting pressures of security operations, and how the tech industry can begin to relieve them.

Josh Koenig and David Strauss are co-founders at Pantheon, a platform for building and operating websites. Josh is the chief strategy officer, and David is the CTO. Open source software is a big part of the web, and Pantheon is a downstream user as well as a contributor to several open source projects. David is an early contributor to systemd, a component of Linux distributions, a member of the Drupal security team, and was a founding member of the first Fedora Server working group in 2011.
Josh and David share their views as downstream consumers of open source software as well as members of the community, touching on why enterprises don't contribute more to open source, the approach to open source policy and licensing changes by two different major vendors in Red Hat and HashiCorp, efforts to shore up the security of the web by moving to memory-safe languages, and more. Come for the industry insights, and stay for the many colorful analogies in this discussion, from tugboats to tofurkey.
Editor's Note: This episode was recorded before IBM agreed to acquire HashiCorp.

Justin Warren is founder and principal analyst at PivotNine, a technology consulting and analyst firm based in Melbourne, Australia. Until 2023, he was a board member at Electronic Frontiers Australia, a non-profit national organization representing Internet users. At KubeCon North America last year, he asked a press conference panel of enterprise IT leaders what they were doing to compensate open source maintainers "so they don't starve to death."A self-described "filthy socialist," Warren favors a tax or tax-like system for funding open source libraries that are widely used but not full-fledged products -- especially when the alternative is an offer from a malicious actor maintainers can't refuse. Together, Warren and Beth explore various approaches to shoring up the maintenance, security and sustainability of open source software and discuss the future outlook for the industry in this episode.

Emily Fox has held multiple roles at household-name organizations in her 13-year IT career and is currently senior principal software engineer at Red Hat. Previously, she worked as an engineer at Apple, and DevOps Security Lead at the National Security Agency. She also serves as chair of the CNCF's technical oversight committee and is involved in a variety of open source communities and activities.
From her unique vantage point, she addresses the delicate balance the CNCF must strike between enterprises, open source maintainers and open product companies; growing awareness about open source sustainability issues; and how all of that feeds into a general "crisis of conscience" going on in cybersecurity.

How is open source sustainability similar to the subprime mortgage crisis? And what can an episode of South Park teach us about open product business models?
Dan Lorenc has a uniquely multifaceted view of these and other questions – he worked at Google from 2012 to 2021, began contributing to open source projects in the Kubernetes community in 2016, and along the way, developed the tooling that would become the Sigstore project, which helps to verify the provenance of open source code packages. Sigstore is now governed by the OpenSSF, where Dan is a member of the Technical Advisory Council. He is also co-founder and CEO of Chainguard, a software supply chain security startup.
Find out what Dan's take is on everything from the "Tragedy of the Commons" idea itself to the government's role in open source maintenance, the CNCF's role in open products, "open source lite" licenses and what's worked for Chainguard's business so far in this episode.

Tobie Langel is Principal and Managing Partner at UnlockOpen, a consulting firm in Geneva that advises clients on working with the open tech ecosystem. Langel is a passionate advocate for open source, and in February, he gave a presentation at the­ State of Open Conference in London urging funding for open source maintainers.
Here, he discusses the distinction between open source development and open source maintenance, why open source sustainability issues persist and why $1 billion or even $10 billion per year isn't too much to ask of the global tech industry to fund open source maintenance -- especially in an age of vulnerabilities such as log4shell and ongoing software supply chain attacks.

Bruce Perens created the definition of open source and co-founded the Open Source Initiative in 1998. He has said in recent public interviews, however, that open source has failed, and called for its overhaul under his Post-Open project. In this episode, Beth caught up with him to hear more about his ideas for the world after open source.

Adam Jacob is CEO and co-founder of System Initiative, an infrastructure automation software startup that came out of stealth in 2023. Previously, he was co-founder and CTO of Chef Software, which also focused on infrastructure automation, and was sold to Progress Software in 2020. Chef had roots in open source, and underwent a license change in 2019; Jacob has taken a different tack with his new company.
In this episode, he discusses his "speed run" through the various permutations of open source business models during his career, and how the industry can use the lessons learned by a generation of open product entrepreneurs to improve open source-based business sustainability.

Alexis Richardson co-founded a company in 2014 called Weaveworks, which created an open source GitOps project called Flux CD. In February, the company ceased operations, despite having gained new customers in 2023. Among the events that precipitated the closure of the business were acquisition talks with a larger company that fell through "at the 11th hour," according to a post by Richardson on LinkedIn.
Weaveworks is one example of a company associated with a flourishing open source project – Flux CD continues under the CNCF – that ultimately couldn't make the business side work. Richardson gives his take on what happened with the company and how the CNCF could help businesses like it in the future, as well as what he's got planned next.