[00:00:00]

Ashish Rajan: Welcome to Cloud Security Podcast. This is a conversation from the AWS Podcast Studio in AWS re:Invent. I've got Nana with me. Hi Nana, thanks for coming to the show.

Yeah, hi, thanks for having me.

For people who may not know who Nana is, if you could just give us a bit of background.

Could you tell us a bit about yourself and what do you do?

Nana Janashia: Yeah what I'm known for the most is TechWorld with Nana, which is the channel that we started around four years ago already.

Okay. And I distilled the mission, or I tried to come up with a one liner of what we do. And it has been our mission since the beginning, and it has stayed the mission, to basically make it easier for the engineers to keep up with the learning of new concepts technologies and everything that's going on in the devops and cloud space because I think every engineer would agree with me that when they started their journey into I. T. It was like he's this huge jungle that they had no idea of where to go, which direction to take. They would need like lots of mentors and they probably learned a lot of the things that they were like, what [00:01:00] is all this? It doesn't make any sense. So they had to put the pieces together.

And at some point, like two, three years down the line, it all made sense. So my mission is to make that journey simpler for the people who are getting one in IT, like zero background. But also people in IT getting into the DevOps who have the same experience.

Ashish Rajan: Oh, actually, that's very well said also because I think, and maybe it would be interesting to hear your thoughts on this.

The way we describe on Cloud Security Podcast is that we're trying to democratize cloud security for everyone. That's the word we've been using. Feel free to steal it. It's not my word. It's just been there for a while. And the idea is to make it available for everyone, that's pretty much the foundation of it as well.

The reason I say it's interesting is because a lot of the conversations we had here, a lot of people have come for the first time to reInvent, including yourself, so I would love to know your experience, but a lot of people have also found that now you get opened up to this world of AWS, and you walk around the expo hall, there's so many services, there's a picture of Jenkins, there's a picture of [00:02:00] something else.

There's a Kubernetes picture somewhere and going, okay, I don't even know where to start with this. But before I go into that, how's your re:Invent experience been so far? It's your first one. Is that right?

Nana Janashia: Yeah. So it is. It's extremely different from how my typical day looks like. So this is completely what I'm not used to.

This is my very first conference ever since we started the YouTube channel. It's been really like us sitting in our home office in Vienna, Austria, where there's not much tech going on and basically just, creating these YouTube videos and courses and talking to everybody, obviously like around the world, especially in Silicon Valley, online, like through video calls.

Yeah. And this is the first time we actually meeting the in person talking to them. And obviously the highlight is always as I walk from one event to another, bumping into people who are like, Hey, are you Nana from TechWorld with Nana? And like people were just coming up to me and being like, I got into DevOps because of your videos.

Or I got a job because I watched your videos. I have seen every single one of your videos. Like this kind of stuff is [00:03:00] just just amazing because I never got exposed to these as I was sitting. Literally in my home office for the last four years.

Ashish Rajan: Yeah, fair enough. And I think, do you find how is the American experience?

Is this the first time in the U. S.?

Nana Janashia: No, I actually, I was a exchange student in U. S. A. back in 2008. Obviously, this is a different experience because California is like its own world, obviously. Yeah. And as a tech person, an engineer. But yeah, it's been, it's really cool.

It's really cool.

Ashish Rajan: And the conversations you've been having at re:Invent, have they been more around I think, where I'm going with this is in this kind of where the initial thought was a lot of people have been introduced for the first time, but there's a fire hose of it as well. What do you see as, what are people asking from you for the DevOps part?

And I, maybe even I'll take a step further. What is something people should look at for 2024 as a skill set?

Nana Janashia: Yeah, so at re:invent specifically, I have had very little technical conversations out there because most of them were focused on like how great the work is. And basically [00:04:00] people telling their stories of like how they got into I. T. or DevOps or cloud or whatever because I'm always interested to know what was the first step? What was the entry point? The thing that spiked your interest in the first place that you decided, I'm gonna do this to myself and, throw myself into this world of overwhelming technologies and everything.

So that was like very less of the technical talk and more this kind of personal stuff. Yeah. But I definitely get a lot of these trends and concepts from the community online. So people commenting on the videos, people commenting on the LinkedIn posts. So I get a lot of this pulse of like, where's the trends going, where the concepts going.

So it's both ways. So of course, I am the one who says to the community these are the things that, companies are doing. These are the things that the trends, but I also get this back from the community because when people start asking questions about the certain topics, I know that this topic is becoming the next thing.

Oh, so it's that's where the interest [00:05:00] is going. And that was with DevSecOps. It was exactly that. So we did a poll on LinkedIn and we asked people, what course do you want us to release next? And DevSecOps got the highest rates even though the other stuff were actually pretty mainstream, I would say.

It was to my surprise, because of DevSecOps top there and really stood out, actually. And because of that, we decided to do DevSecOps, because otherwise, my intuitive reaction would have been, Yeah, security DevSecOps like DevOps is still new security is complex. So I don't yeah, like it's maybe too soon.

I'm curious.

Ashish Rajan: What's the other options? What were the other options?

Nana Janashia: I think we had Docker course, okay, which is

Ashish Rajan: pretty

Nana Janashia: mainstream. Yeah, we had Golang. Oh, yeah. Golang. Yeah. What else? I think we had GitHub actions.

Ashish Rajan: Pretty general engineering stuff, which is pretty mainstream as like just how to use GitHub and engineering around it as well.

Okay, but people chose DevSecOps. Yeah, they did. I wonder, was there a reason, like [00:06:00] in terms of conversations you're having, why DevSecOps was picked up by them? Were you ever able to get to the bottom of that?

Nana Janashia: I haven't, but I have a theory. So my assumption is because of course the trends are driven by two sides, right?

They're the individual engineers who work on stuff and create stuff. And there are companies who, demand the skill set, right? Yeah. So I think this one was more driven by the companies because for them, the security aspect was so important when they introduced DevOps that People were engineers were like, okay, companies required like security skill in DevOps.

So that's where what I need to learn. And we also saw that in the numbers, like when we released the course. We had probably like around 50 percent of the purchases were from the companies which we haven't seen on any other courses. Even though we we didn't even advertise it to the companies, like we didn't word it or formulate it.

It was like B2C people, engineers, this is a cool skill that companies need. But it wasn't like [00:07:00] directly talking to the companies.

Ashish Rajan: So you have companies buying DevSecOps Bootcamp?

Nana Janashia: Yes, yeah, for their employees. Wow.

Ashish Rajan: And so actually maybe worthwhile digging a bit more deeper into it as well.

How do you describe DevSecOps for people on the other end. It's like asking people definition of DevOps. Everyone has a definition. What is your definition of DevSecOps?

Nana Janashia: Yeah, so my definition of DevSecOps is DevSecOps is basically DevOps. But people, when they started implementing DevOps in practice, they forgot about the security.

They were like, yeah let's focus on the cool stuff like, making everything faster, the feature deployment. So they missed the security part. So DevSecOps concept was introduced to re highlight or reintroduce the importance of security. And that was like, hey guys, did you forget something maybe like security?

Yeah let's put that as a own concept. So you don't forget about it. Yeah. So that is how I view it because security, when you go back to the definition of DevOps, security has to be part of it naturally.

Ashish Rajan: I think even the book called it out, the Phoenix Project, that calls it [00:08:00] out as well, that you should have security in there.

But to what you said, most people forgot that part, so marketing had to come up with a term for DevSecOps. Yeah. Although, there's if you talk to cybersecurity people, there is a whole there's an Apple Android conversation. There's a similar, there's a SecDevOps and DevSecOps conversation as well.

People are like, Oh, I think it should be SecDevOps. I'm like I that's a marketing did a good job. But now that you've described it, I think I feel a lot of the audience that we have are cloud security people. They're working in the DevOps and they've transitioned over from DevOps onto the cloud security side or transitioned from that to the cloud engineering, cloud security engineering side.

In terms of describing, laying it out for them. How do you see the different components of DevSecOps that people would use? And maybe you've found in your research that if you know these things, these are good skills to have the DevSecOps, quote unquote DevSecOps person in an organization.

Nana Janashia: Yeah Because DevSecOps is what DevOps is, then it goes back to defining what DevOps is and what are the main responsibilities.

Because when you think about the DevOps role alone, even if we put security aside, [00:09:00] You have this role that has to know too many things, right? I think it's not even like an argument. This role has to know too many things. And I don't think it's possible for one individual person to know many things in a deeper level.

So naturally it requires for DevOps to become like the abstract level role. And then all the underlying teams to be like, Okay, so when it comes to like really deep hands on implementation, you guys are there to take over and either take over the thing that DevOps engineers set up and continue maintaining it and configuring it or work together on both sides.

And when security comes into the picture, then you have the security engineers, the compliance team, right? So maybe per team or per organization, that is another team that DevOps has to manage somehow. Because, as I said as a DevOps engineer, you can know development, security, and operations. And it's just like every single one of them is a huge topic.

So [00:10:00] I see it as like an abstract role that kind of coordinates and orchestrates that the other teams collaborate with each other to make sure that the overarching thing exists. Because when you're an engineer that is focused on web development, let's say, and security engineers, they have their own tasks as a priority.

And even if you have this enforced organizational things like, teams working together. Sometimes they may forget about like the higher goal, like what is the overarching goal of all the teams combined? So there needs to be someone there that says, cool, that you guys did your job.

You guys did your job. Now let's, let's remember to collaborate. So enforcing that.

Ashish Rajan: Yeah. Yeah. And would you say in terms of cause I'm thinking about some of the audience members we have a lot of people who, to what you said about people's experience in IT we have a lot of people who are experienced in cyber security, but they haven't transitioned to the cloud yet or to DevOps yet.

That's I think even Werner on his keynote today spoke about the fact that people have [00:11:00] forgotten about the fact that it used to take months or years before you can get an actually get a hardware and I was joking to someone else about this as well. This reason called waterfall ITIL methodology and the idea behind that was simple that oh if I want to build an application it's gonna be a three year project and I would have these so I was required So there's like a whole I mean on one side was like, you know you knew exactly what are you gonna get at the end of three years but at the same time you couldn't pay for it really if you wanted to as well and a lot of those folks are being introduced to this world of now they're coming here. They're like, OhI have to learn AWS, I have to learn DevOps. I have to learn agile. I have to learn all these different terms that I've never considered in my life, but I have, I don't know, 10 years, 15 years of IT experience or 10, 15 years of cyber security experience.

What's your recommendation for people who already have some IT experience in some fair way? I feel like cyber security or whether it's IT in general, it's like in a similar boat. It's just a different lens on the same thing. How would you describe them starting off the transition [00:12:00] to a DevOps or a cloud kind of skill set in 2024?

Nana Janashia: I think the challenge people who have this large experience in the industry is not the technical skills, but the way they work. So basically they have to unlearn the way they're used to working. Not only themselves, but like how do we work within a team? How do different teams work together in the organization?

Because when they have been working in a certain way for 10 years, they have to unlearn the things first and then learn a new way of working because I think the technology part is the easy one because you just learn like new technologies and you apply the concepts that you learned like on premise, maybe to the cloud.

So of course there's a learning curve, but I don't think that's as challenging as the working methodology. So as you mentioned, like waterfall to agile and because of that, I also think that people who are relatively new to IT have sometimes an advantage and easier time getting into these newer fields like DevOps and Cloud because they [00:13:00] don't have this baggage that they're carrying around.

Ashish Rajan: Yeah, they're not walking out of the baggage of old ways of doing things, mention a good point as well around applying the known skills onto a unknown environment. Isn't that why most of us join technology? Because it keeps changing. We're always learning. And I wanted to also talk about what is a resource, obviously I'd recommend TechWorld with Nana as a great resource to go on and learn more about DevOps, Cloud and DevSecOps as well now. What would you say are other resources that you normally recommend people to? And I would say, I can imagine it's an exhaustive list for most people as well.

Is there like number one or one or two things that come to mind that, hey, that's really a good place to go for learning about DevOps or Kubernetes? Because I was surprised by how many people are not looking at Kubernetes seriously over here. I don't know if you felt this as well, but most of my conversation, every time I would mention Kubernetes oh, yeah, we have that somewhere in the environment.

I don't know, did you have a lot of conversation? I have the same impact, to be honest. [00:14:00] So I have the same impression that, Kubernetes is becoming the standard. Yeah, but I think that the reason is because it is becoming standard, but people are still against it. So they're still resistance.

Nana Janashia: They're like trying to be like, yeah, maybe kubernetes but

Ashish Rajan: it away from me because I do because I think that's an interesting one. Because the more I spoke about Kubernetes, and I'm like, if you think about the number of people who came here, I think 50, 000 people came here and all doing AWS, and most people, I think we spoke to a lot of people over the past few days, no one wants to talk about Kubernetes, and we're like, okay, this is a bit weird, and I met someone, Liz Rice, she's a hero So Liz is a good friend and she was here and she's talking about there's not a lot of kubernetes conversation even for her.

And I think it's funny when people who are known in that kubernetes space, they come into a cloud world, suddenly no one talks about kubernetes. They're like, wait, I thought this was a world. Isn't this?

Nana Janashia: I thought everything revolves around kubernetes.

Ashish Rajan: Yeah, but the reason I [00:15:00] say that is like, maybe because we're based in London, and I wonder if we have a bias in Europe in general, because there's a lot of big CNCF community there or do you find that US is not as adoptive of Kubernetes? Do you see that in the conversations you have where it does come up, but not as much? You would have a lot more DevOps conversation rather than a Kubernetes conversation in the US, but in Europe, it would be a mix of Kubernetes and AWS and DevOps.

Nana Janashia: Yeah maybe the Kubernetes. Yeah you're actually right. Maybe in USA, U. S., the Kubernetes is like more talked as a part of something else rather than its own topic. Maybe cloud. So instead of talking about, DevOps Kubernetes, like talking about cloud and cloud native and then Kubernetes is like implied in that.

Yeah, there may be the case because I think the only reason we're popular is because of the cloud space. I'll say that as well, because we started four years ago and it's primarily, with the name like Cloud Security Podcast, there's no one else coming on that anyways. So I think we started opening the Pandora's thing for Kubernetes, but we [00:16:00] realized that even, and maybe it's something that you can, I think I definitely went to your videos for Kubernetes knowledge when I was trying to learn it, I was like, Oh, I don't know where to learn this.

Ashish Rajan: And I'm like, Oh, you had some videos. I'm like, Oh, great. At least someone has covered this. So is there something specific for Kubernetes that you recommend for people for coming from an IT or security background?

Nana Janashia: I don't know if there are new resources that have been created, but my problem was that when I started working with Kubernetes full time as a Kubernetes administrator and teaching others how to use and deploy to that, I didn't have any resources like it was so bad, the documentation was probably the only place that I could actually go to reference the stuff, but usually documentations do not cover The, what if something goes wrong?

And what if this doesn't work? And that doesn't work? So they cover the happy path. Yeah. So that was my issue. I couldn't find structured resources, not even structured just explaining the concepts like in a simple way, like separately, even individually. I am sure that there are some new [00:17:00] resources have been created since then.

I haven't looked into that space, but there was a reason why we created the Kubernetes Playlist. So we started the YouTube channel with the Kubernetes Playlist. Oh, that was the beginning. That was the beginning. That was the first project. So it wasn't even one video. I planned out the entire playlist.

So we basically said let's create this playlist from start to finish like the individual videos. Yeah. When the playlist is done. Our job is done. So that was the project basically. So we started with Docker as a prerequisite and then Kubernetes.

Ashish Rajan: Oh, okay. So the entire pack, obviously you can not do Kubernetes back in the day without knowing Docker.

Now there's a whole, anyway, I'm not going to the rabbit hole, but I'm sure people get bored by that as well because they've heard it enough time, hopefully. I guess I've got a couple more questions, but they're not technical. That's most of the technical questions I have. I've got three fun questions for you.

That's what we do in the podcast as well. First one being where do you spend time on when you're not working on technology?

Nana Janashia: I work most of the time, I have to admit. but my work is split between learning technology, [00:18:00] working with technology, talking to engineers, creating content.

And the other half is more like administering the whole thing, because it has become the full time thing, running the YouTube channel, running the courses, we have, I think, already 6, 000 students or something, and all of that is management, because students have questions, and we have a support team that answers those questions, so that is like the administrative part and like the fun thing that I do except for working is I would say travel.

Okay. So I usually, that, that is a thing that motivates. If I'm in my home office and I'm like, the weather is bad outside and I'm, I have been, researching for six hours or I'm bored or whatever. I usually look up on, on booking. com, like nice hotels, places to travel to that gives me motivation.

Oh, okay. That maybe let's. It's time to book the new holiday or destination.

Ashish Rajan: That's definitely a good habit to have. I wouldn't deny that. Second question being, what is something that you're proud of that is not on your social media?

Nana Janashia: Oh I think I'm proud of my discipline [00:19:00] that I've developed to stick to the things even if they are boring.

Ashish Rajan: Oh, that is deep. But I would, that is hard as well. I don't think it's easy. So I'm proud of you as well. Wait, so you've been able to stick to a discipline, even if it's boring for a long time?

Nana Janashia: Yeah, because the thing is, I have this, a lot of people have this as well, because when you have lots of ideas, when you have lots of interests, it always seems fascinating to, oh, let me do this and let me do that.

But often if you want to move into a direction in a certain thing, you have to stick to that, and you have to just forget all the distractions. You're like, yeah, interesting, for later. So I discipline myself to stick to the thing and not look like left and right, and just go with it, even if it becomes the routine and mundane and boring, just go with it.

Ashish Rajan: You should talk to my wife. She'll tell you all about how non routine I am, like she's laughing on the other side over there. But yeah, that's a great thing. I'll definitely find inspiration there as well. Last question. What's your favorite cuisine or restaurant that you can share?

Nana Janashia: [00:20:00] Oh food wise, I love sushi, that is like top of my list. But maybe I'm biased, my favorite cuisine is actually Georgian, so I'm, I am from Georgia. Oh. And,

Ashish Rajan: But you love sushi, but your favorite cuisine is like

Nana Janashia: Yeah, so sushi is top, and then come all the Georgian foods, basically. Oh, okay. I mean

Ashish Rajan: Like the Georgian dumplings what's your favorite dish?

Nana Janashia: Yeah, the dumplings is my favorite. And then we have a couple of other, which is specifically from my region where I come from. And we have spicy, like very spicy stuff because we use a lot of spices as well. Oh, so I miss the tastes and like this rich flavor sometimes.

But yeah. Of course I'm biased.

Ashish Rajan: No, that's totally fine. I can be biased as well. I'm going to take some notes on what these are cuisine is because I think London has a lot of Georgian restaurants And yeah, so I think there's one close to our house as well Where can we find you on the internet to connect with you and learn more about the DevSecOps bootcamp you're running and that all the other amazing work you're doing.

Nana Janashia: Yeah, so three platforms. Okay. We use YouTube for creating educational content we use, or I use [00:21:00] LinkedIn to put out stuff about like behind the scenes. If someone wants to learn about how you know, I do all these and the process behind and then we do we use Instagram Stories for like behind the scenes, like very real time content.

And those are also the platforms where I am the most responsive, even though I'm very not responsive. But yeah.

Ashish Rajan: Thank you sharing that, I'll put that in the show notes as well. But thank you so much for coming on the show. Really enjoyed the conversation. I look forward to having more conversations about this.

And as you evolve the DevSecOps piece as well. Thank you so much for coming on the show.

Nana Janashia: Yeah, thanks. It's been fun.

Ashish Rajan: Thank you for everyone watching and listening as well. I'll see you in the next episode. Peace.

‍