Shannon Lietz, Third Score
Episode Transcription:
Trac Bannon:
My friend and mentor, Mark Miller, recently introduced me to Shannon Lietz. She joined our global journalist pool for a cybersecurity and open source podcast called “It’s 5:05.”
Mark gushed about Shannon going as far as saying, Shannon coined the term DevSecOps. Okay. To be fair, everyone knows Patrick Debois coined DevOps, but neither Google nor ChatGPT agreed on where the term DevSecOps originated. That being said, I did find out that Shannon has been wildly active on the DevSecOps scene going back to 2015.
At the time. She took on responsibility for introducing DevSecOps to Intuit and helped establish DevSecOps.org.
This is where you find the original DevSecOps manifesto with signatories from prominent folks from industry, including Shannon’s colleagues from Intuit at the time: Robert Mesa, Ian Allison, Michelle Nicholson, and VP, Erik Naugle.
There are many of us in the software industry who have always included security as a fundamental aspect of all software; that said, many of us also observed the rabid implementation of agile and DevOps techniques, which was often hyper-focused on Dev and Ops leaving the security pros high and dry.
Shannon emphasized the importance of shifting security left, meaning integrating security measures early in the development process rather than treating it as an afterthought. Her work focuses on establishing a culture of security, awareness and collaboration among development, operations and security teams.
One thing is fact, Shannon has been a thought leader in the DevSecOps movement and has a love of metrics… that’s right, metrics.
The vibe I got from Shannon Leitz is one of resilience and determination. When I got the opportunity to meet her face-to-face at the RSA conference, that cemented the vibe. She’s a kickboxer with a home gym and so fearless that when we walked back to our hotels after dark, it took three of us to persuade Shannon to not walk alone.
I couldn’t quite put my finger on the source of her moxy… She grew up in LA though I swear her accent sounds like she’s from Minnesota!
Growing up in Los Angeles, Shannon was exposed to a diverse range of perspectives and experiences… her mother was an artist while her father worked as a banker.
This resonated with me so much… my mother, Janet, was an artist and an art teacher and we spent summers presenting her work at shows around the East Coast.
This unique blend sparks some pretty awesome left brain, right brain dynamics and sets the stage for a wide range of interests; Shannon also has natural intellectual curiosity.
Her initial interest in computers and technology started when her father made a significant decision. With the passing of Shannon’s grandmother, he bought a home computer.
Shannon Lietz:
I was a young kid when I got my first computer and it was my dad bought a computer after my grandma passed away. I learned basic pretty quick and from there sort of worked my way through learning more about computers.
It was a pretty cool upbringing, my mom taught me how to draw and paint… my dad taught me how to think.
Trac Bannon:
You are listening to Real Technologists. I’m your host, Trac Bannon, coming to you from Camp Hill, Pennsylvania. Each week we choose a unique guest behind leading Edge Tech innovation to explore their genuine stories, their true journeys. Technology touches nearly every aspect of our lives. It’s being driven by diverse perspectives and experiences of real humans.
You’re in the right spot to hear about the real technologists reshaping our world. Stay tuned for stories that will give you something to noodle on.
Like many techies who came of age in the late 1980s and 90’s, Shannon taught herself basic programming and kept gobbling up in information on computers. When it came time for her to pick a college major, computer science seemed like a natural fit. Her educational journey went awry, thanks to the very pointed words of a college professor…
Shannon Lietz:
I had a female computer science teacher and you would’ve thought this was gonna be a good thing. I was the only woman in the class of a hundred. So there were 99 guys and me. And I remember sitting there and she walked up and she said, this is no place for women.
Trac Bannon:
What would’ve caused a female professor to make such a discouraging comment? Shannon gives a bit of grace, wondering if maybe the professor somehow intended it as a kind warning though the seeds of doubt were sowed eventually leading her to quit.
Shannon Lietz:
Maybe she’s right. Maybe this isn’t the place for me. And when you are that young, even the smallest seeds of doubt can just cause you to just like fracture, right? And I remember getting done that year. Honestly, I don’t think it was the right school for me… I’m not sure it was the right place, but she did not help me get inspired. And so I think that’s where it started to kind of go off the rails in college.
Trac Bannon:
One of the most influential women in the early DevSecOps movement fell victim to the doubting words of a teacher, and educator. The very individuals who are supposed to nurture and inspire.
Shannon turned introspective and began to see her own superpower that is fueled by doubt… that’s right, fueled by doubt. Remember I called Shannon fearless and determined? It seems that her own spunk, mixed with doubt has a twofold impact. First, she feels despair and rejection… and then, something clicks and she speeds at it head on. As a child, Shannon learned to swim a little later than others, comparably, around 10 years old. She joined a local swim team and the coach said “you’ll never get any better.” Fast forward one year, and Shannon was the regional swimming champ. There is a certain air around Shannon that seems to say “go ahead, dare me.”
Shannon Lietz:
It was always a seed of doubt. Somebody inspires me, seed of doubt, somebody inspires you. I think that’s when most of my life is… all right, seed of doubt… and then something like clicks and all of a sudden, light bulb goes off and I just kind of rocket ship. I think they’re these peaks and valleys and I call it the trough of despair. It’s almost depressing. And then something kind of happens and all of a sudden it’s like lightning, right?
I think that’s what’s been basically my like superpower is… I’ll try, fall on my face, pick myself up, try again, and then ultimately, eventually I’ll win. So what’s interesting is a lot of people see me win, but they do not see me fall on my face, fall on my face, fall on face, and I fall on my face a lot.
But I think it’s that ability to get back up.
Trac Bannon:
After dropping out as a computer science major, her father coaxed her to go back to school. She opted for night classes at LA Valley College. It was there that she encountered another professor who would also dramatically influence her journey. As fate would have it, it was a history professor. Shannon was always a math and science geek and not a fan of history, that is, until she encountered a human who used words to inspire with vibrant storytelling.
Shannon’s College journey reads like the tale of protagonist Lemuel Gulliver in Gulliver’s Travels. Like Gulliver, Shannon suffered a series of mishaps and route to recognize ports, and often ended up on unknown and uncharted islands.
She pursued multiple majors, including computer science, anthropology, and oceanography. She kept searching for a major that combined her interests in art and science. She eventually chose biomed, graduating from Mount St. Mary’s Woman’s College.
Now in her early twenties, Shannon moved to San Diego and she has spent most of her adult life there, though her early career years had her on the road. Even though she grew up in LA, she had never really traveled. Her first trip by airplane was an international flight to London. At the time, she didn’t have a passport and had to learn the ropes quickly. She was committed to working for a large enterprise and of working closely with her boss and mentor. The result, many flier miles and lessons learned. Each role she has chosen in her career has a component where she is just “sent out into the world” and has to figure it out.
These roles all leveraged Shannon’s superpower: regeneration. She is so resilient that she reminds me of a comic book character like Wolverine or Deadpool. Like them, Shannon heals rapidly from injuries and she recovers from wounds that would be fatal to normal humans. Not only does she have a healing power, but she seems stronger, faster, and more durable than mere humans like us.
Shannon had a string of early career roles, including working with folks in Telco before landing her first security role with a company called Savvis Communications. That role evolved into Master Security Architect and one of the CISO staff. She was there for over 6 years before starting her own company: Got Metrics.
She loves using and helping others to use quantitative analysis to make decisions. You can really see her love of metrics to this day with her focus on RAVE metrics for DevSecOps. RAVE stands for resilience, adoption, velocity and errors and today, she is still driving new community-based market research.
When she was running, Got Metrics, she started to sow her own seeds of doubt and reached out to a friend.
Shannon Lietz:
Hey… you know, I think I’m a little lost. I need to figure this out. I went to work for him and some dot coms during that period, sort of like contract work here and there, and landed at Global Center just before it got bought by Exodus.
Trac Bannon:
It was her next step, her own reaction to her intense curiosity, that washed over her like a wave while attending corporate training. Another talented storyteller named Dr. Bill Hancock was presenting. He was, in essence, a historian on security. She literally had goosebumps listening to him. When he was finished, she rushed over to him and grabbed his shirt:
Shannon Lietz:
He was leaving and I remember literally like this wave of something just took over. And I got up left all my stuff ran after him, tugged on his shirt because I’m like five foot nothing… and he was like six and a half feet, six foot, six tall… tugged on his shirt. He was sight impaired, looked down at me and I said, Hey wait!
He looks down and he is like, what do you want… and who the hell are you? And I looked up boldly and I said, I’m Shannon and I wanna be like you. And he took me to dinner for a couple hours, interviewed me, and then I worked for him for years.
Trac Bannon:
Natural curiosity and a hell of a backbone. That’s another way to describe Shannon Leitz. Time and time again, she falls down and picks herself back up. Along the way, she found herself at the right places at the right time building relationship with individuals who were and are luminaries in the field of cybersecurity. She also had a close mentoring relationship with Bob Antia.
Shannon Lietz:
My nickname back then was Sparky. And there’s a lot of reasons why. I got to know all these amazing talents… and Bob Antia one day, I was challenged and he was sort of my mentor as well.
And he looked at me, he is like, Sparky, sometimes you just need to let the train wrecks happen. I will never forget that he gave me a book, the Mythical Man Month, and handed that to me. I still have the book. Amazing stuff, just a magical set of humans.
Trac Bannon:
For Shannon, her days with Exodus were some of the most exciting, though don’t let her melancholy fool you. She has gone on to lead security for Sony Network Entertainment before puddle hopping to the ITIL Giant Service Now as a Senior Security Manager.
Her next step, in 2013 led her to Intuit. She arrived as a security expert in the CISO shop and left, nearly 10 years later as the global leader for Intuit’s DevSecOps practice. This is where she doubled down on pushing the limits of innovation. She was back at the keyboard diving into the entire tech stack, from User Experience tools to backend processing, to mobile computing, to new data storage techniques.
This was also when the DevSecOps Manifesto was born around 2015. Shannon, along with a bevy of other Intuit experts forged the manifesto expanding the DevOps lens. 2015 and 2016 were a whirlwind of speaking engagements, conferences, and presentations with Shannon speaking at AWS re:Invent and the seminal RSA conference.
Shannon is quick to call out her sponsors and mentors, especially from the DevSecOps early days.
Shannon Lietz:
So for me, that was a big deal. I had Eric Noggle really sponsor my success there, and he took big leaps with me. I remember when I walked around and thought about doing DevSecOps, he put wind beneath my sail. And basically it’s one of the reasons why I think DevSecOps really took off is that there wasn’t a seed of doubt.
There was just this… we’re gonna do this. He was really encouraging. I think I had lots of debates and battles with different folks in the company over the years. But one thing that I really treasure about the culture at Intuit is that you can have a debate and go get a beer afterwards and truly make something not personal.
Trac Bannon:
I’ve had a beer with Shannon and I can attest to the magic of a debate with her. The entire DevOps community recognized the power of her voice and the importance of emphasizing security with DevSecOps.
They have fully embraced Shannon as one of the voices. Being a voice is not enough for Shannon, by the way. On her journey, she has racked up 40 cloud security patents and joined the faculty of the IANS Research organization.
Ever curious, Shannon’s precociousness got the best of her in 2021. During the lockdowns, Shannon decided to join Adobe as the VP of Security. Her focus: leading product and software security for Adobe’s digital transformation.
Shannon Lietz:
I think for me, I needed to prove that I could do the next thing. And so I needed another challenge. I truly was sort of at that point where I was kind of capping and I needed just something more. I also think for me, the pandemic was very hard because I’m a somewhat outgoing personality who enjoyed going into the office, who would walk around and work with people and take the Intuit track and actually debate quite a bit… to not have a whiteboard, to be stuck in front of a camera all day… those were really hard things for me and I think getting the phone calls and asking about what is next. Honestly, Adobe is an amazing creative company. This sounds like it could be right up my alley. They need help in ways that I can help them.
Trac Bannon:
Drawn by a challenge and an opportunity to make an impact. Shannon is a thought leader… She is a voice… one that is now welcomed by the influential leaders of the DevOps Enterprise Summit… along with names like Gene Kim, Topu Paul, John Willis, Brian Reed, and Dr. Nicole Forsgren.
If you ask her about her social media presence and the fact that she has over 120,000 followers on LinkedIn, she shrugs and says she simply writes about what she’s passionate about… it shows! She considers herself an accidental influencer.
Shannon Lietz:
I woke up one day and somebody said to me, you have over a hundred thousand followers… I was like, what? Where do you see this? They had to show me, and I was like, oh, okay. That’s interesting.
Trac Bannon:
It’s hard to believe that Shannon also considers herself to be an accidental technologist. From my vantage point, there is nothing accidental about her career. Her career has been shaped by her curiosity and by her superpower to regenerate.
The lockdowns also introduced Shannon to a new personal energy supply: Chief. Chief is a network focused on connecting and supporting women executive leaders. Women like Jennifer Leggio are also members of Chief.
Shannon Lietz:
I love Chief. We have a cohort, it’s a group of women that I’ve just become very fond of and we talk once a month and really work on our skills as executives. And then when you even start it, you’re not quite sure, but then it just kind of comes to life and all of a sudden, you have something hard to solve and there’s other women there that can help have lend a voice to what it is you’re trying to decide on.
Trac Bannon:
Shannon is using her new network as a sounding board. She’s at the point of regenerating again… she is armed with a need that she can’t find a solution to yet… so she’s going to solve her problem and then help others.
Shannon Lietz:
I just recently started third score and I’ve got a couple of co-founders.
It was something that I recently have just kind of stumbled onto as I realized that there weren’t any tools or capabilities out there to truly manage trust.
We spent so much time looking around trying to find things that are gonna work for us, trying to figure out whether or not we can trust them, whether or not they’ve got the right, you know, mechanics. And we make a lot of decisions as technologists that come from Googling and I felt like there just isn’t something out there right now that can help me to do the things I wanna do.
And so, yeah, third score has been born. I’ve got the Rave Community, which is a metrics community,
And then, DevSecOps needs a revamp. I am one of those people who’s got a whole host of passions. I am part of the Ions faculty right now. I’m on, it’s 5:05. And I just wanna do what I love. I’m actually at that point in my career where I just wanna do amazing things that are fun and help other people and ultimately help them with their careers.
Trac Bannon:
For me and for the DevSecOps community, Shannon Lietz’s seems larger than life… much like the 1960s old musical, about a fictitious woman who survived the sinking of the Titanic, the unsinkable, Molly Brown…
What would the unsinkable, kickboxing Shannon Leitz say to her younger self?
Shannon Lietz:
I think I would’ve told myself, find three role models to help you understand what the roadmap is for your career. Because I don’t think I learned that until maybe 15-ish years ago. And I think that what sets apart the last part of my career and the early part of my career is that I finally started looking around and finding that there was interesting people who had already carved a path in something or they carved out something that would allow you to be successful in following their footsteps.
Trac Bannon:
And that’s a wrap for today’s episode of Real Technologists. I want to thank my guest, Shannon Lietz for sharing her story. Your insights and experiences are truly inspiring. I’m grateful for the opportunity to share them with the audience. This podcast is a Sourced Network production and updates are available weekly on your favorite audio streaming platform. Just search for real technologists and consider subscribing. Special thanks to our executive producer, Mark Miller, for making this show possible. Our editor and sound engineer, Pokie Huang has done an amazing job bringing this story to life. Thank you both. The music for today’s episode was provided by Blue Dot Sessions, and we use Descript for spoken text editing and audacity for the soundscaping. The show distribution platform is provided by CaptivateFM making it easy for our listeners to find and enjoy the show.
That’s all for today, folks. This is Trac Bannon. Don’t forget to tune in next week for another intriguing episode of Real Technologists and something new to noodle on.
Episode Guest:
Shannon Lietz is an award-winning innovator with several decades of experience pursuing advanced security defenses and next generation security solutions. Ms. Lietz has held numerous roles throughout her career with a focus on Offensive Security, Product Security, Application Security, Cloud Security, DevSecOps, and Threat Intelligence.
Previously, Ms. Lietz operated a 24×7 DevSecOps team that specialized in Adversary Management at Intuit. She has worked for and consulted with many of the Fortune 500. Her work has been instrumental in changing how companies implement software security and has brought critical focus to security metrics. She holds 41 Cloud Security patents, Start-up Advisor, Community Whisperer, RSA Program Committee, Glynn 100, and dedicates time to mentoring and coaching.
Ms. Lietz is an IANS faculty member and holds a Bachelor of Science degree in Biological Sciences from Mount St. Mary’s College.
Episode Guest:
Shannon Lietz is an award-winning innovator with several decades of experience pursuing advanced security defenses and next generation security solutions. Ms. Lietz has held numerous roles throughout her career with a focus on Offensive Security, Product Security, Application Security, Cloud Security, DevSecOps, and Threat Intelligence.
Previously, Ms. Lietz operated a 24×7 DevSecOps team that specialized in Adversary Management at Intuit. She has worked for and consulted with many of the Fortune 500. Her work has been instrumental in changing how companies implement software security and has brought critical focus to security metrics. She holds 41 Cloud Security patents, Start-up Advisor, Community Whisperer, RSA Program Committee, Glynn 100, and dedicates time to mentoring and coaching.
Ms. Lietz is an IANS faculty member and holds a Bachelor of Science degree in Biological Sciences from Mount St. Mary’s College.