Author of: Policy as Code - Improving Cloud Native Security
Throughout my career, I have functioned as a builder and technology leader, on a variety of platforms, with a variety of languages and frameworks. All along, I have shared my knowledge and experiences in articles/post/books, and at conferences in the US and Europe. I have even taught technology and business topics as an adjunct professor (undergrad and grad) and consultant.
NaBTF
I am a builder, focusing on Policy as Code (PaC) solutions.
I have applied PaC to solve Governance as Code use cases with the
following:
Software Supply Chain Security
Kubernetes
Cloud Computing
Authorization (AuthZ)
DevSecOps
Code Analysis
AI
I am equally comfortable as a thought leader and a weed eater.
I have led efforts to adopt cloud and Container technologies, and to control their use with PaC.
As a technology leader and serial pundit, I use my love of learning and teaching, and my knowledge and thought-leadership in cloud and container technologies, to assist organizations to discover and develop extensible and sustainable solutions.
I enable technology transformation by developing existing staff talents, designing reusable architecture patterns, and incubating new software capabilities.
Find Me!What is Policy as Code?
Policy as Code (PaC) is the use of code artifacts to manage and apply rules and conditions. Policy engines are the programs that interpret policy artifacts to apply policy decisions. The rules and conditions defined in policy artifacts help us implement standards and policies that we have created or adopted. These implementations—known as controls—apply security, compliance, governance, and best-practices decisions that are designed to prevent and react to unwanted changes within the systems we support and use.
Quotes about my book:
This book fills a gap I frequently see in many organizations looking to adopt
modern
software development practices and the cloud—how to think about automated
policy enforcement in a coherent and actionable way. The first chapter
alone is worth the price of the book and it should be mandatory reading
for any leader thinking about or struggling with cloud adoption.
— Mark Donovan, Director, WW Technologists, AWS
Policy as Code is transforming SecOps, just as infrastructure as code has transformed
DevOps! In this book, Jimmy Ray provides a fantastic foundation of PaC principles
and a comprehensive tour of solutions for platform engineers looking
to build secure self-service for developers and data scientists.
— Jim Bugwadia, Cochair,
CNCF Kubernetes Policy Working Group,
Cofounder and CEO, Nirmata
Jimmy Ray has really poured his heart and soul into this book, covering the journey of
Policy as Code in the OSS community from humble beginnings to wider adoption
as a key guardrail in protecting and governing the end state. I found it full
of practical examples and technical details that provide insight
into the various Policy as Code solutions.
— Jesse Loudon, Tech Stream Lead (Azure), Arinco, and
Microsoft MVP (Azure)
Governance as code is a deep subject which every CIO or CTO will need to implement.
Jimmy Ray breaks down the subject matter, making it easy to understand, and
gives the reader all the tools necessary to be successful in its roll out.
— Darien Ford, CTO, Madhive