Larry Maccherone

Distinguished Engineer

Larry Maccherone, Distinguished Engineer of Comcast Cable, discusses DevSecOps’ growing influence on a global leader in media and technology...

Sitting down in the new Comcast Technology Centre at its headquarters in Philadelphia, Pennsylvania, Larry Maccherone, Distinguished Engineer of Comcast Cable, shared how the company is uniquely positioned for success in its agile approach to achieving a DevSecOps cultural transformation.

Maccherone’s professional background heavily revolves around data analytics and Lean-Agile, and he started his first business while still an undergraduate at university. “I’ve been a serial entrepreneur throughout my entire career. My first business had 80 employees and made US$20mn annually in sales,” explains Maccherone. “We were writing software that controlled a large portion of the world’s power generation, and it meant that if hackers exploited a vulnerability in the software, then it potentially brought down the world’s power grid. We got really skilled at writing software that didn’t have exploitable vulnerabilities.” 

Upon joining Comcast in June 2016, Maccherone became responsible for overseeing the company’s DevSecOps transformation. “I have a love/hate relationship with the term DevSecOps. I believe that if you’re doing DevOps right, then the security part is automatically included,” he explains. “You don't call it DevTestOps or DevPlanningOps, it’s just DevOps. However, what I do like about DevSecOps is the emphasis on security. My definition of DevOps and DevSecOps is essentially the same. I define both as empowered engineering teams taking ownership of how their products perform in production, including security. When you get development teams owning the problem, you get a fundamental difference in decision making.”

Maccherone believes being able to change mindsets and adopt security practices into daily activities is a primary goal of any DevSecOps initiative. However, he states that it’s impossible without healthy collaboration and mutual trust. In order to achieve that level of trust, Maccherone introduced a trust algorithm. “The trust formula has three terms combined in the numerator: credibility + reliability + empathy which are all divided by apparent self-interest,” he explains. “It’s important that the apparent self-interest is as small as possible, with an emphasis on shared interests.” Maccherone believes that understanding and embracing each pillar of the trust algorithm is vital to success in DevSecOps. “Credibility means that you know what you’re talking about and it’s important that you’re not just saying things for the sake of it or repeating something you’ve read,” explains Maccherone.

Change management is a key driver of Maccherone and Comcast’s strategy. “The traditional way of gathering a response was to produce surveys. However, we found that the behaviour didn't change,” he says. “We decided on a framework that we can coach from and enable the developers to reflect on whether or not they meet the criteria. If we send an email to them then we get almost no response. However, if we sit with them and allow them to ask questions directly then they instantly start changing their behaviour.”

Perhaps more than any other factor, Maccherone recognises the value of forming strategic business relationships in order to realise long-term success. “We’re at the forefront of DevSecOps, and lots of our vendors see that,” says Maccherone. “We’re constantly searching for vendors that are trying to design their products to fit in with the direction we’re going.” Maccherone believes that without developing such robust and long-standing partnerships, the challenge of reaching the level of success Comcast has achieved would have been significantly harder. “Our vendors are a key to our success and we’re extremely excited and happy with the current set we have,” beams Maccherone. “They align well with our values and that’s been the differentiator to finding ways to reduce our security risk.”
