Larry Maccherone

Distinguished Engineer

By Sean Galea-Pace
Larry Maccherone, Distinguished Engineer of Comcast Cable, discusses DevSecOps’ growing influence on a global leader in media and technology...

Sitting down in the new Comcast Technology Centre at its headquarters in Philadelphia, Pennsylvania, Larry Maccherone, Distinguished Engineer of Comcast Cable, shared how the company is uniquely positioned for success in its agile approach to achieving a DevSecOps cultural transformation.

Maccherone’s professional background heavily revolves around data analytics and Lean-Agile, and he started his first business while still an undergraduate at university. “I’ve been a serial entrepreneur throughout my entire career. My first business had 80 employees and made US$20mn annually in sales,” explains Maccherone. “We were writing software that controlled a large portion of the world’s power generation, and it meant that if hackers exploited a vulnerability in the software, then it potentially brought down the world’s power grid. We got really skilled at writing software that didn’t have exploitable vulnerabilities.” 

Upon joining Comcast in June 2016, Maccherone became responsible for overseeing the company’s DevSecOps transformation. “I have a love/hate relationship with the term DevSecOps. I believe that if you’re doing DevOps right, then the security part is automatically included,” he explains. “You don't call it DevTestOps or DevPlanningOps, it’s just DevOps. However, what I do like about DevSecOps is the emphasis on security. My definition of DevOps and DevSecOps is essentially the same. I define both as empowered engineering teams taking ownership of how their products perform in production, including security. When you get development teams owning the problem, you get a fundamental difference in decision making.”

Maccherone believes that changing mindsets and integrating security practices into daily activities is a primary goal of any DevSecOps initiative. However, he states that it’s impossible without healthy collaboration and mutual trust. In order to achieve that level of trust, Maccherone introduced a trust algorithm. “The trust formula has three terms combined in the numerator: credibility + reliability + empathy which are all divided by apparent self-interest,” he explains. “It’s important that the apparent self-interest is as small as possible, with an emphasis on shared interests.” Maccherone believes that understanding and embracing each pillar of the trust algorithm is vital to success in DevSecOps. “Credibility means that you know what you’re talking about and it’s important that you’re not just saying things for the sake of it or repeating something you’ve read,” explains Maccherone.

Change management is a key driver of Maccherone’s and Comcast’s strategy. “The traditional way of gathering a response was to produce surveys. However, we found that the behaviour didn't change,” he says. “We decided on a framework that we can coach from and enable the developers to reflect on whether or not they meet the criteria. If we send an email to them then we get almost no response. However, if we sit with them and allow them to ask questions directly then they instantly start changing their behaviour.”

Perhaps more than any other factor, Maccherone recognises the value of forming strategic business relationships in order to realise long-term success. “We’re at the forefront of DevSecOps, and lots of our vendors see that,” says Maccherone. “We’re constantly searching for vendors that are trying to design their products to fit in with the direction we’re going.” Maccherone believes that without developing such robust and long-standing partnerships, the challenge of reaching the level of success Comcast has achieved would have been significantly harder. “Our vendors are a key to our success and we’re extremely excited and happy with the current set we have,” beams Maccherone. “They align well with our values and that’s been the differentiator to finding ways to reduce our security risk.”
