Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.
Does Your Security Team Need Coding Resources?
September 10, 2018
When thinking about security automation, a common concern from security teams is that they don't have the coding capabilities needed to create, implement, and maintain it. Pulling development resources from the IT team or engineering department can take time. Backlogs are long, and revenue-generating projects enough take priority. There is always the option to hire an IT consultant, however this can be a costly endeavor and is not a sustainable long-term option.
As a result, security teams often try and find the sought-after "unicorn." This is a security professional who is not only an expert on all things information security, incident response, or threat intelligence, but also someone who can also write integrations and build automation between systems and products.
As I'm sure you can imagine, finding this rare type of person is a tall order – if not impossible. It can take up to a year to hire a security professional, and that doesn't include finding someone who also has a software development skill set.
So, what are teams to do when internal resources are tight and there isn't budget to hire an outside consultant or "unicorn?"
Start Implementing Your Security Automation Options
To start, begin leveraging a security orchestration and automation solution to handle many, if not all, of your routine tasks for you. This will accomplish three different things:
1. Ensure all your security tasks are taken care of in a timely and proactive way
2. Eliminate the need for coding skills on your team
3. Refocus your team's focus to more strategic, ROI-driven tasks
From there, when you need really customized integrations or complex workflows built, you can bring in coding expertise strategically. This can help optimize both your development and security resources.
Once the need for coding is solved, you can stop chasing the ephemeral unicorn hire. In addition, you will also be able to enhance what your current team is working on. For example, instead of having them spend most of their time on mundane tasks like reviewing alerts, investigating phishing attempts, and scoring IP addresses, they can put their talent to better use. This includes analyzing and responding to threats and developing a more strategic security posture.
When teams have less busy work on their plates, they can spend more time learning new skills. If you want your team to be able to do build custom integrations or automation on top of the security automation and orchestration solution you use, teams can learn and practice coding.
With your team able to re-shift their focus to tasks that are most relevant to their skill set and interests, you may also reduce attrition – an added bonus considering today's security talent crunch(link is external).
Find Your Balance
At the end of the day, my main piece of advice to all companies is to code strategically. This is not to say you can't or absolutely should not bring coding resources onto your security team. Instead, look to strike a balance between bringing in scarce resources when you really need them and relying on out-of-the-box solutions whenever possible to alleviate the talent (and time) crunch.
Ideally, the security orchestration and automation solution you choose will allow you to add custom integrations alongside pre-built workflows. These solutions are the ones that can do much of the heavy lifting for you and save your development resources for the truly custom work. In addition, identifying a solution that offers the best of both worlds will keep your team happy and productive, and accelerate the time to value for security automation.
At the end of the day, let your talent focus on what they do best, and let orchestration and automation take care of the rest.
Industry News
April 02, 2025
Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.
April 02, 2025
Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.
April 02, 2025
Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)
April 02, 2025
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.
April 01, 2025
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.
April 01, 2025
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.
April 01, 2025
Platform9 announced that Private Cloud Director Community Edition is generally available.
March 31, 2025
Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.
March 31, 2025
CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.
March 31, 2025
Mirantis announced the k0rdent Application Catalog – with 19 validated infrastructure and software integrations that empower platform engineers to accelerate the delivery of cloud-native and AI workloads wherever the\y need to be deployed.
March 31, 2025
Traefik Labs announced its Kubernetes-native API Management product suite is now available on the Oracle Cloud Marketplace.
March 27, 2025
webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
March 27, 2025
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
