
Dear Sloan,
Sloan provides advice on software security, DevOps, DevSecOps, and more. When you need advice or encouragement, or want to share your thoughts or questions, just ask Sloan by posting your question in the comment box below. Together, we’ll make cyber a safer space.
- Hiring Challenges in Hanoi: Dear Sloan, As part of my role in HR, I’ve recently been tasked with finding an experienced DevOps Engineer to join the small, fully remote development team within my organization. …
- Cybersecurity: Top Five Tips in Tillamook: Dear Sloan, Your advice articles are great, and your recent articles about the risks of using open source software (OSS) were very helpful. Sloan, could you please share your top …
- Nervous About the National Cybersecurity Strategy in Nantucket: Dear Sloan, I’m seeing a lot in the news about the National Cybersecurity Strategy rolled out by the federal government. While news sources have provided an overview of what it …
- Tangled Up in Transitive Dependencies: Dear Sloan, I just started a new job, and my first priority is to reduce our project vulnerabilities. When I investigated, I found that our most severe vulnerabilities are due …
- Making Progress on Dependency Management in Manila: Dear Sloan, I’m a newer developer, and am experiencing the dreaded “dependency hell” for the first time. My team is starting to manage dependencies better, but I would love some …
- Contributor Wannabe in Cairo: Dear Sloan, I’ve recently graduated from university with a degree in Software Engineering. I have spent the better part of the last six or so years learning about open-source software …
- Bothered by Brandjacking: Hey Sloan, You may remember when I wrote to you about typosquatting a few months ago? Your article helped me a lot, and I read up on the most recent …
- Software Supply Chain Query from São Paulo: Hello Sloan, My peers sometimes talk about the “software supply chain” or our “supply chain management.” I’m a programmer and don’t really get the connection of supply chains to our work. …
- Terrified of Typosquatting: Dear Sloan, I’m a developer who works with a lot of open source software (OSS), and another developer told me to look out for typosquatting attacks. Is that a type …
- Distressed over OSS in Inverness: Dear Sloan, I started a new job with a software development company at the end of last year. I work in HR but am in a physical workspace with the …
- Containers Crash Course Needed in Cape Town: Hello Sloan, I just started a new job and everyone at my new company loves using containers. I am familiar with the concept on a basic level, but can you …
- Hashes, Hashes, We All Fall Down: Hi Sloan, I’ve always relied on hashes to identify threats across our network. We recently hired a new security engineer who insists relying on hashes isn’t enough. Who’s right here? …
- Zero-Day Doom and Gloom: Hi Sloan, When recent vulnerabilities like log4j and Spring4Shell were first reported, I heard them described with the words “zero-day”. It sounds pretty dark, like the beginning of the zombie apocalypse …
- Agile and DevOps – Puzzled in Pittsburgh: Dear Sloan, Agile and DevOps – Are they the same thing? My company calls itself Agile, but my bosses tell me that we’re “DevOps.” Are we both? Neither? Is this …
- Lost on Open Source Licenses in Los Angeles: Dear Sloan, I was told that an open source license for one of my OSS components that I am using in a work project is “too restrictive” and that I …
- Cybersecurity and SBOMs – I’m Stumped in Seattle: Dear Sloan, What’s an SBOM? Is it part of cybersecurity? I hear people at work talking about this, and I’m afraid to ask. I am stumped, I don’t want to …
- Open Source Software: To Be, or Not to Be Free?: Dear Sloan, I’m an experienced project manager, who recently took a job in technology. Coming from the healthcare industry, I have a lot to learn about all of the terminology …
- Malware – Malicious Apps in Annapolis: Dear Sloan, I have heard much about malware, malicious apps being secretly installed on my devices. Is it safe for me to assume that if I download an app from …
- Dependency Confusion – I’m Dazed and Confused: Dear Sloan, I am confused about dependency confusion attacks. I’m dreading the topic of dependency hijacking. I’m also not good with namespace confusion? And I’m in a real tizzy about …
- Shift Left Left Me Up Schitt’s Creek – Help!: Dear Sloan, I’m up Schitt’s Creek without a paddle, and I don’t know what to do. My leadership team told me to get the team to shift left. What is …



Related resources:

- Open Source Software Licenses – What You Need To Know: Better navigate the complex world of Open Source Software (OSS) license terms.
- Introduction to DevSecOps: Build a foundation of knowledge around “DevSecOps” and better understand how it can benefit you and your organization.