John Morello is the Chief Technology Officer at Twistlock. As CTO, John leads the work with strategic customers and partners and drives the product roadmap. Prior to Twistlock, John was the CISO of Albemarle, a Fortune 500 global chemical company. Before that, John spent 14 years at Microsoft, in both Microsoft Consulting Services and product teams. He ran feature teams that shipped security technologies in Windows, Azure, and Office 365 and served as the Lead Architect of the hybrid cloud consulting team for the Americas. A self-proclaimed "public school guy," John is passionate about building out more modern curricula for cybersecurity. In fact, in May 2018 he established a Twistlock outpost at Lousiana State University’s Innovation Park in order to pay off this vision. John lives in Louisiana with his wife and two young sons. A passionate fisherman and scuba diver, he also serves as Chairman of the Coalition to Restore Coastal Louisiana.
The AI Remediation Bottleneck: Why the Software Supply Chain Demands Radical Openness
For years, the DevSecOps movement has operated on a foundational premise that if you detect a vulnerability, you triage it, patch it, and redeploy. This cycle assumes that our capability to remediate ...
Best Practices for PCI Compliance in a Container Environment
The PCI DSS compliance framework dates back to the mid-2000s, well before anyone was talking about containers. This does not mean, however, that PCI compliance doesn’t affect you if you’re running a ...
Best Practices for HIPAA Compliance in a Containerized Environment
The HIPAA compliance framework is somewhat infamous for setting high-level requirements regarding healthcare data and privacy without recommending specific ways of meeting those requirements. That tendency leaves many developers, admins and DevOps ...
Why Automation is the Crucial Ingredient in Microservices Security
Microservices security is different from securing other technologies—and much more difficult Microservices are nothing new. Neither is the conversation about best practices for securing microservices. Typically, that conversation centers on strategies such ...
