
Dear Sloan,
Sloan provides advice on software security, DevOps, DevSecOps, and more. When you need advice or encouragement, or want to share your thoughts or questions, just ask Sloan 📧. Together, we’ll make cyber a safer space.

- Hashes, Hashes, We all Fall Down
  Hi Sloan, I’ve always relied on hashes to identify threats across our network. We recently hired a new security engineer who insists relying on hashes isn’t enough. Who’s right here? …
- Zero-Day Doom and Gloom
  Hi Sloan, When recent vulnerabilities like log4j and Spring4Shell were first reported, I heard them described with the words “zero-day”. It sounds pretty dark, like the beginning of the zombie apocalypse …
- Agile and DevOps – Puzzled In Pittsburgh
  Dear Sloan, Agile and DevOps – Are they the same thing? My company calls itself Agile, but my bosses tell me that we’re “DevOps.” Are we both? Neither? Is this …
- Lost on Open Source Licenses in Los Angeles
  Dear Sloan, I was told that an open source license for one of my OSS components that I am using in a work project is “too restrictive” and that I …
- Cybersecurity and SBOMs – I’m Stumped in Seattle
  Dear Sloan, What’s an SBOM? Is it part of cybersecurity? I hear people at work talking about this, and I’m afraid to ask. I am stumped, I don’t want to …
- Open Source Software: To be, or Not to be Free?
  Dear Sloan, I’m an experienced project manager, who recently took a job in technology. Coming from the healthcare industry, I have a lot to learn about all of the terminology …
- Malware – Malicious Apps in Annapolis
  Dear Sloan, I have heard much about malware, malicious apps being secretly installed on my devices. Is it safe for me to assume that if I download an app from …
- Dependency Confusion – I’m Dazed and Confused
  Dear Sloan, I am confused about dependency confusion attacks. I’m dreading the topic of dependency hijacking. I’m also not good with namespace confusion? And I’m in a real tizzy about …
- Shift Left Left Me Up Schitt’s Creek – Help!
  Dear Sloan, I’m up Schitt’s Creek without a paddle, and I don’t know what to do. My leadership team told me to get the team to shift left. What is …




Open Source Software Licenses – What You Need To Know
Better navigate the complex world of Open Source Software (OSS) license terms
Introduction to DevSecOps
Build a foundation of knowledge around "DevSecOps" and better understand how it can benefit you and your organization
Repository Management Basics
Take the first steps in putting Nexus Repo to work for you