Behind the Scenes with Delinea’s SVP of Engineering, Jason Mitchell
As part of our interview series with Delinea’s leaders, I chatted with Jason Mitchell, Senior Vice President of Engineering. Jason’s responsible for research, product development, and SaaS operations across Delinea’s entire product portfolio. He determines how Delinea’s engineering team is organized, the processes we use, and how we continuously improve the practice of building software.
By way of background, prior to joining Delinea, Jason was Head of Engineering and SaaS Operations at Ivanti, where he led the creation and launch of Ivanti Neurons' cloud-based platform. He also led product development at two successful start-ups.
Read on to get an intriguing peek behind the scenes of Delinea's Engineering group with Jason, one of our most innovative cloud technology leaders.
Q1: How did you get into this type of work? What’s your driving motivation for doing what you do?
I’ve always wanted to build something that makes a difference. With the recent emphasis on digital transformation, every business is putting technology front and center. But IT people are constantly under-resourced—they’re dealing with so many things. If I focus my energy on helping IT, it helps entire businesses. My goal is to help those who are out there trying to leverage technology to help their business be more successful.
I fell in love with software development because of the technical challenges. But midway through my career, I realized that I could solve more problems and bigger problems in a more effective way if I got into managing engineers. Even with more responsibility and scope, my job is still about problem-solving.
I joined Delinea because I believed the future of cybersecurity was going to be based around identities. Delinea was already a leader in the space and still had massive potential. When the opportunity came about, I knew it was a great place to be at a great time.
Q2: How has the shift to continuous delivery changed how the Delinea engineering team builds and delivers products?
We’ve made a commitment to continuous delivery. Every time one of our engineers checks-in code, they’re pushing it to production that same day. We’ve put an emphasis on complete automation, including test automation. There are no manual tests. Automation covers everything from the time the developer checks in the code until it goes out. That automation allows us to do quick releases and ensures top quality.
An important aspect of continuous delivery involves ongoing operations. With on-premise software, you build it and hand it to the customer and the customer becomes responsible for the software’s operations. The customer has to set up the software correctly, make sure the server is hardened, and ensure security, redundancy, and failover. With SaaS and continuous delivery, we take over this huge burden from the customer. Instead, the development teams and the engineers who write the code are also the teams responsible for the operation of the services.
At Delinea our engineers have their own dashboards and monitoring systems. Engineering teams are notified and accountable for restoring service if a service goes down. We believe that helps the engineers understand how their services are running to ensure top quality for our customers.
What I also love about continuous delivery is the feedback loop. We get immediate feedback and can implement fast changes. It’s not much of an effort to make a change because if you were just in the code, you know exactly where to make the tweak.
Q3: Speaking of feedback, how do you and the engineering team collaborate with Delinea customers to improve products?
Interacting with customers is an important part of my job and my team’s job. Support, Sales, Customer Success, and Product Management teams have natural mechanisms for getting customer feedback. But the downside of that is there are too many layers in between the engineers who are writing the features and the people who are using the features. I don’t want to get in the way of those established feedback loops. I just want the raw feedback from the customer to make it all the way back to the engineer writing the code.
We’re making it easier for customers to give us feedback. In our new platform there's a little button on the lower right corner that says “Feedback,” and that feedback from the customer goes directly into a Slack channel that all our engineers can see.
Q4: What are you hearing from customers?
The customer might say, “I love it, but I was trying to use it like this, and it didn't work." Or, “if you only added this one little thing, it would be so much better for me.” Often, a few minor tweaks can transform a good feature into a great one that hits the mark.
Q5: The topic of building security into product development is hot in the industry. How are you achieving that goal at Delinea?
Security is embedded throughout our entire product development lifecycle, as well as in our training and education.
This year we ran a "hackathon” where we had teams competing and trying to break products, and we were scoring them against each other. We made it a competition so they could learn the techniques and how hackers attack products so that they can build software that defends against these techniques.
Our pipelines have automated checks and security controls that the developer doesn't need to think about. They can just check-in the code, and it'll run an open-source scan, a vulnerability scan, and a penetration test. So, if somebody hard-coded a password or a Secret, those would be caught in our tools and would be rejected—the Secret would never reach a customer. We also use third-party tools in our automation to catch accidental mistakes.
We use our own solutions, and doing so benefits us as engineers as well as our product development process. Our engineering team is the direct customer for Secret Server and DevOps Secrets Vault.
We run Secret Server for all of our secrets, both for our own internal systems and for the other SaaS products we use. Even our engineers who are writing the code don’t have access to the secrets needed to operate the code. A developer could never get to a customer's data or onto a production server because they don't have access to it. When it’s time to deploy, the automation uses our DevOps Secrets Vault to get the credentials.
Many of the ideas that make it into the product are solutions to problems and challenges we run into. We work with and help product management because if we're hitting an issue, it’s more than likely that many other customers will also hit those issues.
Q6: What are some of the skills and characteristics you look for when bringing people into Delinea’s engineering team? And what makes them successful once they’re part of the team?
Ten or fifteen years ago we would focus on hiring people for their current technical ability. Over the last few years, our hiring focus evolved to, “what are they able to learn?” They encounter problems daily that no one else has solved and they've never seen before.
To query for that kind of ability in the interview process, you ask a question that they don't know how to answer and then you listen to them think out loud.
After we hire engineers, my job is to help them understand the mind of an attacker. How do they obtain credentials? What do they do with those credentials? How do they move around? We actually want our engineers to think like cybercriminals. Because all the products we build are designed to combat that mindset. We want them to understand what the cybercriminal typically does, how they think, and what about their personality makes cybercriminals do that. Understanding the mind of a cybercriminal will help us build better features to prevent those actions.
Q7: What advice would you give to someone trying to progress in their career as a cyber leader?
With leadership, there's a triangle of capabilities. You’ve got to have people skills, you’ve got to have process skills, and you've got to have engineering and technology skills. Especially in a bigger organization, you need to develop all three of these skills. You don't need to be proficient at all three, but you need a minimum base in all three, and you should be really strong in at least one of those areas.
The best way to grow your career is to develop an awareness of your limitations, your weaknesses, and your strengths. You can work on a weakness or limitation if you’re aware of it. If you can develop that self-awareness, it will help you in so many other ways. It's a constant, lifelong process.
There's not a better spot in security to be in right now than PAM. With Zero Trust and the switch to identity and everybody moving to the cloud, it's just a sweet spot in the center of attention.
Want to take your cybersecurity career to the next level? Check out careers at Delinea.