4 Signs that Demand for DevSecOps Skills Is Growing

DevSecOps and Cybersecurity

DevSecOps isn’t yet as widely known or practiced as DevOps, but that could be changing.

2018 has been a wake-up call for enterprises that haven’t deeply integrated security practices throughout their IT organizations. In just a few short months, news has broken about major attacks and/or breaches at Sears and Delta Air, oil and gas pipelines, Panera Bread, Saks Fifth Avenue and Lord & Taylor, European financial institutions, MyFitnessPal, at least 1,000 Magento-based ecommerce sites, Orbitz, FedEx, Boeing, the city of Baltimore, and the city of Atlanta.

Because the methods of attack used in these incidents are very diverse, it’s unlikely that any single security measure could solve the problem on its own.

However, DevSecOps, which encourages greater collaboration among security professionals, developers, and IT operations staff, can do a lot to help organizations prevent, defend against, and mitigate attacks. This approach promotes the idea that security is everyone’s job, and it pushes security professionals to become more proactive and iterate more quickly.

Recent surveys and reports include at least five hints that organizations and IT professionals are beginning to understand the need for DevSecOps and the potential benefits it offers.

  1. 70% of DevOps professionals said they hadn’t received adequate security education.

Being aware of a problem is always a necessary precursor to solving it, and Veracode’s DevSecOps Global Skills survey showed that DevOps professionals are very cognizant of their skills deficits. Among the DevOps professionals who had earned bachelor’s or master’s degrees, about 70% said their security education was inadequate for their current positions. Perhaps even more astonishingly, three out of four said they weren’t required to take a single IT security class to obtain their diplomas.

  2. Nearly 40% of organizations say the hardest employees to find are DevOps gurus with security testing knowledge.

The same survey asked which types of DevOps job candidates are the toughest to find and hire. The number one vote-getter, selected by 40% of respondents, was “all-purpose DevOps gurus with sufficient knowledge about security testing.” Clearly, organizations are looking for DevSecOps professionals—but they aren’t always finding them.

  3. 85% of security professionals said their organizations don’t invest enough in application security training.

When it comes to assigning responsibility for the lack of security knowledge, security staff at DevOps firms place at least part of the blame on management. The vast majority (85%) said their companies don’t spend enough money to train developers about application security issues.

  4. 85% of highly mature DevOps organizations make application security training available to their employees.

A separate report, the Sonatype DevSecOps Community Survey, found a big difference between highly mature DevOps organizations and others who are still embracing the approach. In the highly mature organizations, all but 15% made application security training available to employees. It seems that these leading organizations have found a secret weapon in the fight against cyber attackers that most firms—even among those that are embracing DevOps—have not.

The Veracode survey also asked DevOps professionals what would be the most effective way to gain the new skills they are lacking. Among those surveyed, 37% said they believed the most effective way to boost their DevSecOps skills would be to attend classroom or e-learning training programs. Organizations that want to take that advice should check out DevOps Institute’s DevSecOps Engineering (DSOE) certification. It’s a great way to give security professionals “security as code” skills that help them better protect their organizations and embrace DevOps culture.

Cynthia Harvey

About the Author

Cynthia Harvey is a freelance writer and editor based in the Detroit area. She has been covering the technology industry for more than fifteen years.
