How to Prepare Your Team for the Future of DevSecOps
May 17, 2022

Jayne Groll
DevOps Institute

DevSecOps rose to the forefront of IT transformation journeys when enterprise organizations rapidly moved their operations and development to the cloud in 2020. IT decision-makers today understand that security must be a top priority as the cloud has opened the door to new software vulnerabilities and cybersecurity threats. Leaders looking to prepare for the future of DevSecOps need to understand what will set them up for success and help harden IT security practices.

DevOps Institute Ambassadors include some of the top security experts in IT. I reached out to see how they think leaders can best prepare their teams for DevSecOps. Here are the top answers, tips and advice I received:

Helen Beal, Chief Ambassador, DevOps Institute

"The future of DevSecOps is that it becomes redundant, either part of DevOps or just how we work. You prepare your team by helping them understand that security is part of their job, learning what they need to, automating what you can, and providing the capability for continuous improvement."

Tracy Ragan, CEO and Co-founder, DeployHub

"DevSecOps covers the full landscape of hardening our cybersecurity. How you prepare determines where you are in the ecosystem. Development teams need to get serious about knowing what open-source libraries they are consuming, acting upon the data discovered in SBOMs and CVEs, and sorting out ways to expose this information so everyone is aware of the software supply chain. Testing teams will need to spend more time and money on penetration testing, while production teams focus on Chaos Engineering and respond to outages. Everyone has a new list of 'honey-dos' to better respond to the 'bad actors' in the digital world. Building a comprehensive plan is the first step for everyone."

Vishnu Vasudevan, Head of Product at Opsera

"Consider a policy-based pipeline approach that bakes security, quality and compliance gates into the software delivery lifecycle. To implement this approach, security teams need to create policies that are automatically incorporated into the CI/CD pipeline and encourage developers to source the software components (open source or otherwise) and libraries that are being used. Having a policy-based pipeline ensures every piece of code being promoted runs through a complete scan and will be stopped based on the policies set by the security team.

This DevSecOps approach allows businesses to validate their security and compliance against their organization’s goals. It will provide an opportunity to continuously improve on their goals around security to avoid hefty penalties as a result of an audit, legal and compliance. Policy-based pipelines can also help to provide visibility across different personas from development, operations team and executives on the DevSecOps KPIs."

Najib Radzuan, Principal, Digi Telecommunications

"The COVID-19 pandemic circa 2020 made most companies move into the cloud or digitalize most of their teams and operations. Hence, it also opens up vulnerabilities and more opportunities for the attacker/hacker to penetrate the newbies. Thus, people have started talking more about cybersecurity. Therefore, the DevSecOps topic is also the main topic for most IT companies now.

The organization can prepare its team with two options:

■ Create an upskilling program that sends their internal team or InfoSec/AppSec to learn about DevSecOps. They need to be vigilant by learning DevSecOps skills that automatically run all the security scans and auto-harden their environment/servers.

■ Hire a DevSecOps "champion" or DevSecOps expert who can convert the current team into a DevSecOps team."

Marc Hornbeek, CEO and Principal Consultant, Engineering DevOps Consulting

"As organizations master DevOps practices, DevSecOps becomes even more important. Accelerated continuous delivery can increase an organization’s risk profile unless security is fully integrated into the delivery pipelines. Any organization embracing DevOps and has security risks need to ensure their teams are trained on secure coding and DevSecOps practices."

Parveen Arora, Founder and Director, VVnt SeQuor

"In the recent years, we have seen a shift in the technology industry and how DevOps practices have scaled to include security into the mainstream, with dev and security teams collaborating to enable the rapid release of the secure software. To stay competitive in this digital economy, organizations are increasingly competing on time-to-market. With the growth in Agile environments, organizations need to facilitate high-speed solution delivery and secure delivery.

Traditional cybersecurity methods, i.e., having security at the perimeter, network, endpoint, data, and security checks at the final stages of the software development lifecycle (SDLC), and regular sen-test and vulnerability assessments are not sufficient anymore. DevSecOps is no longer optional, and soon, every organization will adopt this with upskilling on their workforce.

Our software developers also need to learn agile development with more security focus in the future. This is a natural evolution toward DevSecOps as a standard for software development. For those looking to break into the industry, learning a top programming language will still be highly relevant. Still, it will need to be put into practice within a security-focused development and deployment environment. Cybersecurity professionals should focus on infrastructure-as-code from an enterprise-wide perspective, which will be critical for successful business operations."

A common thread among these responses is tied to upskilling the team for DevSecOps. One way to upskill is to take DevSecOps certification courses.

Or, you can advance your skills by joining DevOps Institute for SKILup Day on Thursday, May 19, 2022, to access a full day of DevSecOps learning. Attend to network with peers and listen to practical, "how-to" sessions from leading IT security experts. Set up your DevSecOps practice for success and register here.

Jayne Groll is CEO of DevOps Institute
Share this

Industry News

March 18, 2024

Kubiya.ai announces the launch of its DevOps Digital Agents.

March 18, 2024

Aviatrix® introduced Aviatrix Distributed Cloud Firewall for Kubernetes, a distributed cloud networking and network security solution for containerized enterprise applications and workloads.

March 18, 2024

Stride announces the general availability of Stride Conductor, its new autonomous coding product that transforms the software development landscape.

March 14, 2024

CircleCI unveiled CircleCI releases, which enables developers to automate the release orchestration process directly from the CircleCI UI.

March 13, 2024

Fermyon™ Technologies announces Fermyon Platform for Kubernetes, a WebAssembly platform for Kubernetes.

March 13, 2024

Akuity announced a new offer targeted at Enterprises and businesses where security and compliance are key.

March 13, 2024

New Relic launched new capabilities for New Relic IAST (Interactive Application Security Testing), including proof-of-exploit reporting for application security testing.

March 12, 2024

OutSystems announced AI Agent Builder, a new solution in the OutSystems Developer Cloud platform that makes it easy for IT leaders to incorporate generative AI (GenAI) powered applications into their digital transformation strategy, as well as govern the use of AI to ensure standardization and security.

March 12, 2024

Mirantis announced significant updates to Lens Desktop that makes working with Kubernetes easier by simplifying operations, improving efficiency, and increasing productivity. Lens 2024 Early Access is now available to Lens users.

March 12, 2024

Codezero announced a $3.5 million seed-funding round led by Ballistic Ventures, the venture capital firm dedicated exclusively to funding entrepreneurs and innovations in cybersecurity.

March 11, 2024

Prismatic launched a code-native integration building experience.

March 07, 2024

Check Point® Software Technologies Ltd. announced its Check Point Infinity Platform has been ranked as the #1 Zero Trust Platform in the latest Miercom Zero Trust Platform Assessment.

March 07, 2024

Tricentis announced the launch and availability of SAP Test Automation by Tricentis as an SAP Solution Extension.

March 07, 2024

Netlify announced the general availability of the AI-enabled deploy assist.

March 07, 2024

DataStax announced a new integration with Airbyte that simplifies the process of building production-ready GenAI applications with structured and unstructured data.