Pegasystems announced the general availability of Pega Infinity ’24.1™.
As organizations seek to better embed security into DevOps and Agile software development, they're going to need to find better ways of scaling security knowledge across cross-functional teams. Everyone needs to chip in, and the only way they can do that is if companies properly train members of cross-functional teams on what it means to deploy secure software.
Start with 5 Ways to Train Security Champions in Cross-Functional DevOps Teams - Part 1
3. Tackle Role-Based Security Training
Even with a sophisticated blended learning experience, generic security training should only be the foundation for developing security champions within DevOps teams. A security champion program depends on training that's tailored to specific roles.
Not only that, this training needs to be designed for the new reality of collaborative DevOps-based roles, rather than the limited and siloed IT functions of years past.
Organizations can take a team's security knowledge to the next level with tailored, prescriptive training based on specific roles. Once individuals have the basic education and the hands-on experience, it pays to take the information about how they performed in these trainings and tell the trainee where they should focus next based on their job duties. So developers would get one suggested learning path, QAs another, infrastructure specialists a different one, and so on. By doing that, it'll give every security champion a much deeper level of training applicable to his or her daily workflows.
The training needs to offer people the path to not necessarily turn into security staff, but to learn at an elite level how security applies to their specific role. If teams can pepper even just a percentage of these elite security champions across each common role, these highly trained individuals can help their peers level up their skills organically as they work together on a daily basis.
4. Leverage Modularized Training
Many of the security principles taught to different roles will overlap so there's no reason to reinvent the wheel with brand new curriculum for every unique role. One way to do this is to develop a modularized training approach.
Modularized training breaks down certain principles into individual components of a curriculum library. From there an organization can then mix and match these components for each person's appropriate path — based on their role and depth of knowledge they need. Not only does this make it more elegantly to shift to role-based security training, but it also adheres to the latest research in education that favors moving from traditional, long-form courses to shorter, more consumable modules.
5. Establish a Security Training Plan for DevOps Teams
Gartner analysts predict that DevSecOps practices will become embedded into 80% of rapid development teams by 2021. In this day and age where every company is a software company, IT leaders need to develop a security training roadmap to help their teams keep up with cybersecurity best practices to ensure that applications don't add unnecessary risk to the business.
Without detailed, prescriptive learning paths based on roles, organizations risk wasting their training dollars on generic knowledge. Many times companies simply require a number of hours for professional development in security, without offering any guidance or prescriptions of what the course matter should include. As a result, employees often choose the easiest path to racking up those hours without gaining many appreciable skills or knowledge along the way.
Because there are so many moving pieces to building out training that grooms security champions across so many IT functions, security and IT leaders need to actually lay out a detailed plan for how they're going to develop security skills relevant to every function of a DevOps team. They don't have to go it alone.
Industry News
Mend.io and Sysdig unveiled a joint solution to help developers, DevOps, and security teams accelerate secure software delivery from development to deployment.
GitLab announced new innovations in GitLab 17 to streamline how organizations build, test, secure, and deploy software.
Kobiton announced the beta release of mobile test management, a new feature within its test automation platform.
Gearset announced its new CI/CD solution, Long Term Projects in Pipelines.
Rafay Systems has extended the capabilities of its enterprise PaaS for modern infrastructure to support graphics processing unit- (GPU-) based workloads.
NodeScript, a free, low-code developer environment for workflow automation and API integration, is released by UBIO.
IBM announced IBM Test Accelerator for Z, a solution designed to revolutionize testing on IBM Z, a tool that expedites the shift-left approach, fostering smooth collaboration between z/OS developers and testers.
StreamNative launched Ursa, a Kafka-compatible data streaming engine built on top of lakehouse storage.
GitKraken acquired code health innovator, CodeSee.
ServiceNow introduced a new no‑code development studio and new automation capabilities to accelerate and scale digital transformation across the enterprise.
Security Innovation has added new skills assessments to its Base Camp training platform for software security training.
CAST introduced CAST Highlight Extensions Marketplace — an integrated marketplace for the software intelligence product where users can effortlessly browse and download a diverse range of extensions and plugins.
Red Hat and Elastic announced an expanded collaboration to deliver next-generation search experiences supporting retrieval augmented generation (RAG) patterns using Elasticsearch as a preferred vector database solution integrated on Red Hat OpenShift AI.
Traceable AI announced an Early Access Program for its new Generative AI API Security capabilities.