Recently on the DevSecOops podcast, hosts Tom Walker and Scott Fletcher explored what it takes to build a modern IT environment from scratch. The pair discussed the tools that work, the ones that don’t, and how decisions should be based on people.
The conversation kicked off with a topic that’s top of mind for many: virtualisation in a post-VMware world. Despite recent backlash over Broadcom’s acquisition of VMware that made licensing more complicated and expensive, Tom made it clear that VMware still dominates on-prem environments in Australia. He believes that VMware Cloud Foundation might still be the best foundation for greenfield projects. Just plan ahead, and invest in building flexibility and longevity.
The discussion then shifted to SIEM and logging. Scott emphasised that there’s no shortage of options, but not all are created equal for every business. For Scott, Splunk is still the best pick but only for mature teams that possess the skills to run it. He then mentioned that Sentinel might be the easier choice for those teams that are comfortable with Microsoft’s ecosystem, meanwhile ELK is still a good option for lightweight setups. The bottom line is it’s never about the technology that has the most advanced features but the technology that the team can operate.
The hosts then talked about code repositories. While GitHub is the obvious go-to for its usability and integrations, the platform is limited when it comes to secure environments. Tom then suggested GitLab as a strong all-rounder and Atlassian, the homegrown Australian solution. But then, organisations are free to choose from these options as long as it meets their stack and regulatory needs.
Scott also highlighted how the game has completely changed. Nowadays, discovery isn’t about networks anymore, it’s about identities and exposure. He mentioned that RunZero helps map internal systems without agents, while Wiz and Tenable offer a broader look at attack surfaces. However, Scott said that these tools can only help if the organisation has mastered the basics already. These include understanding who has access, how they got it, and what happens next if something goes wrong.
Moving on, the hosts emphasised the importance of choosing a backup solution that works across environments, whether it be on-prem, cloud, or SaaS. Tom recommended Commvault for its Metallic Saas integration, while Scott put a good word for Rubrik’s strong security practices. Nonetheless, the two advised teams to not stick with what worked ten years ago. Backup strategies should evolve as fast as your infrastructure.
Ultimately, Scott and Tom put a focus on what matters the most. First, choose tools that your team can realistically support. Second, prioritise integration across your environment. And most importantly, focus on what the business needs and what works for it.
