How to Prepare Your Team for the Future of DevSecOps
May 17, 2022

Jayne Groll
DevOps Institute

DevSecOps rose to the forefront of IT transformation journeys when enterprise organizations rapidly moved their operations and development to the cloud in 2020. IT decision-makers today understand that security must be a top priority as the cloud has opened the door to new software vulnerabilities and cybersecurity threats. Leaders looking to prepare for the future of DevSecOps need to understand what will set them up for success and help harden IT security practices.

DevOps Institute Ambassadors include some of the top security experts in IT. I reached out to see how they think leaders can best prepare their teams for DevSecOps. Here are the top answers, tips and advice I received:

Helen Beal, Chief Ambassador, DevOps Institute

"The future of DevSecOps is that it becomes redundant, either part of DevOps or just how we work. You prepare your team by helping them understand that security is part of their job, learning what they need to, automating what you can, and providing the capability for continuous improvement."

Tracy Ragan, CEO and Co-founder, DeployHub

"DevSecOps covers the full landscape of hardening our cybersecurity. How you prepare determines where you are in the ecosystem. Development teams need to get serious about knowing what open-source libraries they are consuming, acting upon the data discovered in SBOMs and CVEs, and sorting out ways to expose this information so everyone is aware of the software supply chain. Testing teams will need to spend more time and money on penetration testing, while production teams focus on Chaos Engineering and respond to outages. Everyone has a new list of 'honey-dos' to better respond to the 'bad actors' in the digital world. Building a comprehensive plan is the first step for everyone."

Vishnu Vasudevan, Head of Product at Opsera

"Consider a policy-based pipeline approach that bakes security, quality and compliance gates into the software delivery lifecycle. To implement this approach, security teams need to create policies that are automatically incorporated into the CI/CD pipeline and encourage developers to source the software components (open source or otherwise) and libraries that are being used. Having a policy-based pipeline ensures every piece of code being promoted runs through a complete scan and will be stopped based on the policies set by the security team.

This DevSecOps approach allows businesses to validate their security and compliance against their organization’s goals. It will provide an opportunity to continuously improve on their goals around security to avoid hefty penalties as a result of an audit, legal and compliance. Policy-based pipelines can also help to provide visibility across different personas from development, operations team and executives on the DevSecOps KPIs."

Najib Radzuan, Principal, Digi Telecommunications

"The COVID-19 pandemic circa 2020 made most companies move into the cloud or digitalize most of their teams and operations. Hence, it also opens up vulnerabilities and more opportunities for the attacker/hacker to penetrate the newbies. Thus, people have started talking more about cybersecurity. Therefore, the DevSecOps topic is also the main topic for most IT companies now.

The organization can prepare its team with two options:

■ Create an upskilling program that sends their internal team or InfoSec/AppSec to learn about DevSecOps. They need to be vigilant by learning DevSecOps skills that automatically run all the security scans and auto-harden their environment/servers.

■ Hire a DevSecOps "champion" or DevSecOps expert who can convert the current team into a DevSecOps team."

Marc Hornbeek, CEO and Principal Consultant, Engineering DevOps Consulting

"As organizations master DevOps practices, DevSecOps becomes even more important. Accelerated continuous delivery can increase an organization’s risk profile unless security is fully integrated into the delivery pipelines. Any organization embracing DevOps and has security risks need to ensure their teams are trained on secure coding and DevSecOps practices."

Parveen Arora, Founder and Director, VVnt SeQuor

"In the recent years, we have seen a shift in the technology industry and how DevOps practices have scaled to include security into the mainstream, with dev and security teams collaborating to enable the rapid release of the secure software. To stay competitive in this digital economy, organizations are increasingly competing on time-to-market. With the growth in Agile environments, organizations need to facilitate high-speed solution delivery and secure delivery.

Traditional cybersecurity methods, i.e., having security at the perimeter, network, endpoint, data, and security checks at the final stages of the software development lifecycle (SDLC), and regular sen-test and vulnerability assessments are not sufficient anymore. DevSecOps is no longer optional, and soon, every organization will adopt this with upskilling on their workforce.

Our software developers also need to learn agile development with more security focus in the future. This is a natural evolution toward DevSecOps as a standard for software development. For those looking to break into the industry, learning a top programming language will still be highly relevant. Still, it will need to be put into practice within a security-focused development and deployment environment. Cybersecurity professionals should focus on infrastructure-as-code from an enterprise-wide perspective, which will be critical for successful business operations."

A common thread among these responses is tied to upskilling the team for DevSecOps. One way to upskill is to take DevSecOps certification courses.

Or, you can advance your skills by joining DevOps Institute for SKILup Day on Thursday, May 19, 2022, to access a full day of DevSecOps learning. Attend to network with peers and listen to practical, "how-to" sessions from leading IT security experts. Set up your DevSecOps practice for success and register here.

Jayne Groll is CEO of DevOps Institute
Share this

Industry News

June 20, 2024

Oracle announced new application development capabilities to enable developers to rapidly build and deploy applications on Oracle Cloud Infrastructure (OCI).

June 20, 2024

SUSE® announced new capabilities across its Linux, cloud native, and edge portfolio of enterprise infrastructure solutions to help unlock the infinite potential of open source in enterprises.

June 20, 2024

Redgate Software announced the acquisition of DB-Engines, an independent source of objective data in the database management systems market.

June 18, 2024

Parasoft has achieved "Awardable" status through the Chief Digital and Artificial Intelligence Office's (CDAO) Tradewinds Solutions Marketplace.

June 18, 2024

SmartBear launched two innovations that fundamentally change how both API and functional tests are performed, integrating SmartBear HaloAI, trusted AI-driven technology, and marking a significant step forward in the company's AI strategy.

June 18, 2024

Datadog announced the general availability of Datadog App Builder, a low-code development tool that helps teams rapidly create self-service applications and integrate them securely into their monitoring stacks.

June 17, 2024

Netlify announced a new Adobe Experience Manager integration to ease the transition from legacy web architecture to composable architecture.

June 17, 2024

Gearset announced a suite of new features to expand the capabilities of its comprehensive Salesforce DevOps platform.

June 17, 2024

Cequence announced a new partnership with Singularity Tech, an Australia-based professional services company with expertise in APIs and DevOps.

June 13, 2024

Elastic announced a partner integration package with LangChain that will simplify the import of vector database and retrieval capabilities of Elasticsearch into LangChain applications.

June 13, 2024

Fastly announced the launch of Fastly AI Accelerator, the company’s first AI solution designed to create a better experience for developers by helping improve performance and reduce costs across the use of similar prompts for large language models (LLM) apps.

June 13, 2024

Shreds.AI, ant AI capable of generating complex, business-grade software from simple descriptions in record time, announced its formal beta launch.

June 12, 2024

GitLab announced the public beta of expanded integrations with Google Cloud that will help developers work more effectively, quickly, and productively.

June 12, 2024

Pulumi announced Pulumi Copilot, AI for general cloud infrastructure management.

June 12, 2024

Harness completed the acquisition of Split Software, a feature management and experimentation provider, effective June 11, 2024.