Skip to content
View 6mile's full-sized avatar

Highlights

  • Pro

Organizations

@buildstack @securestack-training

Block or report 6mile

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
6mile/README.md

my banner

My name is Paul McCarty and I'm the founder of SecureStack. I like to describe SecureStack as the world's first DevSecOps Maturity Platform because we help our customers assess and then accelerate their DevSecOps journey.

💫 About Me

I am a DevSecOps evangelist and thought leader obsessed with applied application security and securing the software supply chain. I like to say that I'm a technical founder who likes to work at the intersection of product delivery and security. I have built and led multiple product delivery teams: for the government, in the private sector and for my own startup, SecureStack.

I am a frequent public speaker and have presented at many events including: OWASP, SecTalks, CrikeyCon, TuskCon, RSA, AISA, and multiple BSides. I am a proud father, and I used to snowboard a lot.

📫 How to reach me? paulm (at) securestack.com

My Projects

I wrote the DevSecOps Playbook in 2022 as a step-by-step guide for organizations to implement DevSecOps programs regardless of their size or industry.

The software supply chain is under increasing attack, but there is no industry standard definition of what the software supply chain is. How can we hope to secure the SSC if we don't know what's in it? This project is my attempt at creating a common definition to help organizations understand the scope and breadth of the SSC.

OSC&R is a comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain. It is a matrix style document modeled on the MITRE ATT&CK matrix. I am a contributing member to the project.

The Minimal Viable Secure Product MVSP is a minimum security baseline for enterprise-ready products and services. The baseline checklist can be used at various stages of the sales cycle, from RFP through to contractual controls. I am an original contributing member.

👥 Connect With Me

💻Tech Stack

AWS Cloudflare Azure Google Cloud Apache Jenkins Nginx Ansible Notion ElasticSearch Docker Postman Terraform

📊 Github Status

Pinned Loading

  1. DevSecOps-Playbook DevSecOps-Playbook Public

    This is a step-by-step guide to implementing a DevSecOps program for any size organization

    1.9k 325

  2. commit-audit commit-audit Public

    Shell script that checks if git commits are signed

    Shell 6 3

  3. DarkMass DarkMass Public

    Automated recon optimized for fast, efficient mass scanning

    Shell 3 2

  4. git-hunter git-hunter Public

    Find threats in your source code

    Shell 4 1

  5. ossec_automation ossec_automation Public

    bash scripts and puppet code to install/uninstall OSSEC

    Shell 1 1

  6. Redhat2Cent Redhat2Cent Public

    Redhat2Cent version 1.1

    Shell