How to Prepare Your Team for the Future of DevSecOps
May 17, 2022

Jayne Groll
DevOps Institute

DevSecOps rose to the forefront of IT transformation journeys when enterprise organizations rapidly moved their operations and development to the cloud in 2020. IT decision-makers today understand that security must be a top priority as the cloud has opened the door to new software vulnerabilities and cybersecurity threats. Leaders looking to prepare for the future of DevSecOps need to understand what will set them up for success and help harden IT security practices.

DevOps Institute Ambassadors include some of the top security experts in IT. I reached out to see how they think leaders can best prepare their teams for DevSecOps. Here are the top answers, tips and advice I received:

Helen Beal, Chief Ambassador, DevOps Institute

"The future of DevSecOps is that it becomes redundant, either part of DevOps or just how we work. You prepare your team by helping them understand that security is part of their job, learning what they need to, automating what you can, and providing the capability for continuous improvement."

Tracy Ragan, CEO and Co-founder, DeployHub

"DevSecOps covers the full landscape of hardening our cybersecurity. How you prepare determines where you are in the ecosystem. Development teams need to get serious about knowing what open-source libraries they are consuming, acting upon the data discovered in SBOMs and CVEs, and sorting out ways to expose this information so everyone is aware of the software supply chain. Testing teams will need to spend more time and money on penetration testing, while production teams focus on Chaos Engineering and respond to outages. Everyone has a new list of 'honey-dos' to better respond to the 'bad actors' in the digital world. Building a comprehensive plan is the first step for everyone."

Vishnu Vasudevan, Head of Product at Opsera

"Consider a policy-based pipeline approach that bakes security, quality and compliance gates into the software delivery lifecycle. To implement this approach, security teams need to create policies that are automatically incorporated into the CI/CD pipeline and encourage developers to source the software components (open source or otherwise) and libraries that are being used. Having a policy-based pipeline ensures every piece of code being promoted runs through a complete scan and will be stopped based on the policies set by the security team.

This DevSecOps approach allows businesses to validate their security and compliance against their organization’s goals. It will provide an opportunity to continuously improve on their goals around security to avoid hefty penalties as a result of an audit, legal and compliance. Policy-based pipelines can also help to provide visibility across different personas from development, operations team and executives on the DevSecOps KPIs."

Najib Radzuan, Principal, Digi Telecommunications

"The COVID-19 pandemic circa 2020 made most companies move into the cloud or digitalize most of their teams and operations. Hence, it also opens up vulnerabilities and more opportunities for the attacker/hacker to penetrate the newbies. Thus, people have started talking more about cybersecurity. Therefore, the DevSecOps topic is also the main topic for most IT companies now.

The organization can prepare its team with two options:

■ Create an upskilling program that sends their internal team or InfoSec/AppSec to learn about DevSecOps. They need to be vigilant by learning DevSecOps skills that automatically run all the security scans and auto-harden their environment/servers.

■ Hire a DevSecOps "champion" or DevSecOps expert who can convert the current team into a DevSecOps team."

Marc Hornbeek, CEO and Principal Consultant, Engineering DevOps Consulting

"As organizations master DevOps practices, DevSecOps becomes even more important. Accelerated continuous delivery can increase an organization’s risk profile unless security is fully integrated into the delivery pipelines. Any organization embracing DevOps and has security risks need to ensure their teams are trained on secure coding and DevSecOps practices."

Parveen Arora, Founder and Director, VVnt SeQuor

"In the recent years, we have seen a shift in the technology industry and how DevOps practices have scaled to include security into the mainstream, with dev and security teams collaborating to enable the rapid release of the secure software. To stay competitive in this digital economy, organizations are increasingly competing on time-to-market. With the growth in Agile environments, organizations need to facilitate high-speed solution delivery and secure delivery.

Traditional cybersecurity methods, i.e., having security at the perimeter, network, endpoint, data, and security checks at the final stages of the software development lifecycle (SDLC), and regular sen-test and vulnerability assessments are not sufficient anymore. DevSecOps is no longer optional, and soon, every organization will adopt this with upskilling on their workforce.

Our software developers also need to learn agile development with more security focus in the future. This is a natural evolution toward DevSecOps as a standard for software development. For those looking to break into the industry, learning a top programming language will still be highly relevant. Still, it will need to be put into practice within a security-focused development and deployment environment. Cybersecurity professionals should focus on infrastructure-as-code from an enterprise-wide perspective, which will be critical for successful business operations."

A common thread among these responses is tied to upskilling the team for DevSecOps. One way to upskill is to take DevSecOps certification courses.

Or, you can advance your skills by joining DevOps Institute for SKILup Day on Thursday, May 19, 2022, to access a full day of DevSecOps learning. Attend to network with peers and listen to practical, "how-to" sessions from leading IT security experts. Set up your DevSecOps practice for success and register here.

Jayne Groll is CEO of DevOps Institute
Share this

Industry News

November 21, 2024

Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.

November 21, 2024

Securiti announced a new solution - Security for AI Copilots in SaaS apps.

November 20, 2024

Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.

November 20, 2024

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:

November 20, 2024

Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.

November 20, 2024

Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.

November 19, 2024

OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.

November 19, 2024

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.

November 19, 2024

Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.

November 19, 2024

Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.

November 19, 2024

Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.

November 19, 2024

Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.

November 19, 2024

Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.

November 18, 2024

MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.