Larry Maccherone

Distinguished Engineer

Larry Maccherone, Distinguished Engineer of Comcast Cable, discusses DevSecOps’ growing influence on a global leader in media and technology...

Sitting down in the new Comcast Technology Centre at its headquarters in Philadelphia, Pennsylvania, Larry Maccherone, Distinguished Engineer of Comcast Cable, shared how the company is uniquely positioned for success in their agile approach to achieving a DevSecOps cultural transformation. 

Maccherone’s professional background heavily revolves around data analytics and Lean-Agile, and he started his first business while still an undergraduate at university. “I’ve been a serial entrepreneur throughout my entire career. My first business had 80 employees and made US$20mn annually in sales,” explains Maccherone. “We were writing software that controlled a large portion of the world’s power generation, and it meant that if hackers exploited a vulnerability in the software, then it potentially brought down the world’s power grid. We got really skilled at writing software that didn’t have exploitable vulnerabilities.” 

Upon joining Comcast in June 2016, Maccherone became responsible for overseeing the company’s DevSecOps transformation. “I have a love/hate relationship with the term DevSecOps. I believe that if you’re doing DevOps right, then the security part is automatically included,” he explains. “You don't call it DevTestOps or DevPlanningOps, it’s just DevOps. However, what I do like about DevSecOps is the emphasis on security. My definition of DevOps and DevSecOps is essentially the same. I define both as empowered engineering teams taking ownership of how their products perform in production, including security. When you get development teams owning the problem, you get a fundamental difference in decision making.”

Maccherone believes being able to change mindsets and adopt security practices into daily activities is a primary goal of any DevSecOps initiative. However, he states that it’s impossible without healthy collaboration and mutual trust. In order to achieve that level of trust, Maccherone introduced a trust algorithm. “The trust formula has three terms combined in the numerator: credibility + reliability + empathy which are all divided by apparent self-interest,” he explains. “It’s important that the apparent self-interest is as small as possible, with an emphasis on shared interests.” Maccherone believes that understanding and embracing each pillar of the trust algorithm is vital to success in DevSecOps. “Credibility means that you know what you’re talking about and it’s important that you’re not just saying things for the sake of it or repeating something you’ve read,” explains Maccherone.

Change management is a key driver of Maccherone’s and Comcast’s strategy. “The traditional way of gathering a response was to produce surveys. However, we found that the behaviour didn't change,” he says. “We decided on a framework that we can coach from and enable the developers to reflect on whether or not they meet the criteria. If we send an email to them then we get almost no response. However, if we sit with them and allow them to ask questions directly then they instantly start changing their behaviour.”

Perhaps more than any other factor, Maccherone recognises the value of forming strategic business relationships in order to realise long-term success. “We’re at the forefront of DevSecOps, and lots of our vendors see that,” says Maccherone. “We’re constantly searching for vendors that are trying to design their products to fit in with the direction we’re going.” Maccherone believes that without developing such robust and long-standing partnerships, the challenge of reaching the level of success Comcast has achieved would have been significantly harder. “Our vendors are a key to our success and we’re extremely excited and happy with the current set we have,” beams Maccherone. “They align well with our values and that’s been the differentiator to finding ways to reduce our security risk.”
