How to Prepare Your Team for the Future of DevSecOps
May 17, 2022

Jayne Groll
DevOps Institute

DevSecOps rose to the forefront of IT transformation journeys when enterprise organizations rapidly moved their operations and development to the cloud in 2020. IT decision-makers today understand that security must be a top priority as the cloud has opened the door to new software vulnerabilities and cybersecurity threats. Leaders looking to prepare for the future of DevSecOps need to understand what will set them up for success and help harden IT security practices.

DevOps Institute Ambassadors include some of the top security experts in IT. I reached out to see how they think leaders can best prepare their teams for DevSecOps. Here are the top answers, tips and advice I received:

Helen Beal, Chief Ambassador, DevOps Institute

"The future of DevSecOps is that it becomes redundant, either part of DevOps or just how we work. You prepare your team by helping them understand that security is part of their job, learning what they need to, automating what you can, and providing the capability for continuous improvement."

Tracy Ragan, CEO and Co-founder, DeployHub

"DevSecOps covers the full landscape of hardening our cybersecurity. How you prepare determines where you are in the ecosystem. Development teams need to get serious about knowing what open-source libraries they are consuming, acting upon the data discovered in SBOMs and CVEs, and sorting out ways to expose this information so everyone is aware of the software supply chain. Testing teams will need to spend more time and money on penetration testing, while production teams focus on Chaos Engineering and respond to outages. Everyone has a new list of 'honey-dos' to better respond to the 'bad actors' in the digital world. Building a comprehensive plan is the first step for everyone."

Vishnu Vasudevan, Head of Product at Opsera

"Consider a policy-based pipeline approach that bakes security, quality and compliance gates into the software delivery lifecycle. To implement this approach, security teams need to create policies that are automatically incorporated into the CI/CD pipeline and encourage developers to source the software components (open source or otherwise) and libraries that are being used. Having a policy-based pipeline ensures every piece of code being promoted runs through a complete scan and will be stopped based on the policies set by the security team.

This DevSecOps approach allows businesses to validate their security and compliance against their organization’s goals. It will provide an opportunity to continuously improve on their goals around security to avoid hefty penalties as a result of an audit, legal and compliance. Policy-based pipelines can also help to provide visibility across different personas from development, operations team and executives on the DevSecOps KPIs."

Najib Radzuan, Principal, Digi Telecommunications

"The COVID-19 pandemic circa 2020 made most companies move into the cloud or digitalize most of their teams and operations. Hence, it also opens up vulnerabilities and more opportunities for the attacker/hacker to penetrate the newbies. Thus, people have started talking more about cybersecurity. Therefore, the DevSecOps topic is also the main topic for most IT companies now.

The organization can prepare its team with two options:

■ Create an upskilling program that sends their internal team or InfoSec/AppSec to learn about DevSecOps. They need to be vigilant by learning DevSecOps skills that automatically run all the security scans and auto-harden their environment/servers.

■ Hire a DevSecOps "champion" or DevSecOps expert who can convert the current team into a DevSecOps team."

Marc Hornbeek, CEO and Principal Consultant, Engineering DevOps Consulting

"As organizations master DevOps practices, DevSecOps becomes even more important. Accelerated continuous delivery can increase an organization’s risk profile unless security is fully integrated into the delivery pipelines. Any organization that embraces DevOps and has security risks needs to ensure its teams are trained on secure coding and DevSecOps practices."

Parveen Arora, Founder and Director, VVnt SeQuor

"In recent years, we have seen a shift in the technology industry and how DevOps practices have scaled to include security into the mainstream, with dev and security teams collaborating to enable the rapid release of secure software. To stay competitive in this digital economy, organizations are increasingly competing on time-to-market. With the growth in Agile environments, organizations need to facilitate high-speed solution delivery and secure delivery.

Traditional cybersecurity methods, i.e., having security at the perimeter, network, endpoint, data, and security checks at the final stages of the software development lifecycle (SDLC), and regular pen-test and vulnerability assessments are not sufficient anymore. DevSecOps is no longer optional, and soon, every organization will adopt this with upskilling of their workforce.

Our software developers also need to learn agile development with more security focus in the future. This is a natural evolution toward DevSecOps as a standard for software development. For those looking to break into the industry, learning a top programming language will still be highly relevant. Still, it will need to be put into practice within a security-focused development and deployment environment. Cybersecurity professionals should focus on infrastructure-as-code from an enterprise-wide perspective, which will be critical for successful business operations."

A common thread among these responses is tied to upskilling the team for DevSecOps. One way to upskill is to take DevSecOps certification courses.

Or, you can advance your skills by joining DevOps Institute for SKILup Day on Thursday, May 19, 2022, to access a full day of DevSecOps learning. Attend to network with peers and listen to practical, "how-to" sessions from leading IT security experts. Set up your DevSecOps practice for success and register here.

Jayne Groll is CEO of DevOps Institute