DevOps Institute

4 Signs that Demand for DevSecOps Skills Is Growing

DevSecOps and Cybersecurity

DevSecOps isn’t yet as widely known or practiced as DevOps, but that could be changing.

2018 has been a wake-up call for enterprises that haven’t deeply integrated security practices throughout their IT organizations. In just a few short months, news has broken about major attacks and/or breaches at Sears and Delta Air, oil and gas pipelines, Panera Bread, Saks Fifth Avenue and Lord & Taylor, European financial institutions, MyFitnessPal, at least 1,000 Magento-based ecommerce sites, Orbitz, FedEx, Boeing, the city of Baltimore, and the city of Atlanta.

Because the methods of attack used in these incidents are very diverse, it’s unlikely that any single security measure could solve the problem on its own.

However, DevSecOps, which encourages greater collaboration among security professionals, developers, and IT operations staff, can do a lot to help organizations prevent, defend against, and mitigate attacks. This approach promotes the idea that security is everyone’s job, and it pushes security professionals to become more proactive and iterate more quickly.

Recent surveys and reports include at least five hints that organizations and IT professionals are beginning to understand the need for DevSecOps and the potential benefits it offers.

  1. 70% of DevOps professionals said they hadn’t received adequate security education.

Being aware of a problem is always a necessary precursor to solving it, and Veracode’s DevSecOps Global Skills survey showed that DevOps professionals are very cognizant of their skills deficits. Among the DevOps professionals who had earned bachelor’s or master’s degrees, about 70% said their security education was inadequate for their current positions. Perhaps even more astonishingly, three out of four said they weren’t required to take a single IT security class to obtain their diplomas.

  2. Nearly 40% of organizations say the hardest employees to find are DevOps gurus with security testing knowledge.

The same survey asked which types of DevOps job candidates are the toughest to find and hire. The number one vote-getter, selected by 40% of respondents, was “all-purpose DevOps gurus with sufficient knowledge about security testing.” Clearly, organizations are looking for DevSecOps professionals—but they aren’t always finding them.

  3. 85% of security professionals said their organizations don’t invest enough in application security training.

When it comes to the lack of security knowledge, security staff at DevOps firms place at least part of the blame on management. The vast majority (85%) said their companies don’t spend enough money to train developers about application security issues.

  4. 85% of highly mature DevOps organizations make application security training available to their employees.

A separate report, the Sonatype DevSecOps Community Survey, found a big difference between highly mature DevOps organizations and others who are still embracing the approach. In the highly mature organizations, all but 15% made application security training available to employees. It seems that these leading organizations have found a secret weapon in the fight against cyber attackers that most firms—even among those that are embracing DevOps—have not.

The Veracode survey also asked DevOps professionals what would be the most effective way to gain the new skills they are lacking. Among those surveyed, 37% said they believed the most effective way to boost their DevSecOps skills would be to attend classroom or e-learning training programs. Organizations that want to take that advice should check out DevOps Institute’s DevSecOps Engineering (DSOE) certification. It’s a great way to give security professionals “security as code” skills that help them better protect their organizations and embrace DevOps culture.

Cynthia Harvey

About the Author

Cynthia Harvey is a freelance writer and editor based in the Detroit area. She has been covering the technology industry for more than fifteen years.
