DevOps Institute

4 Signs that Demand for DevSecOps Skills Is Growing

DevSecOps and Cybersecurity

April 23, 2018

DevSecOps isn’t yet as widely known or practiced as DevOps, but that could be changing.

2018 has been a wake-up call for enterprises that haven’t deeply integrated security practices throughout their IT organizations. In just a few short months, news has broken about major attacks and/or breaches at Sears and Delta Air, oil and gas pipelines, Panera Bread, Saks Fifth Avenue and Lord & Taylor, European financial institutions, MyFitnessPal, at least 1,000 Magento-based ecommerce sites, Orbitz, FedEx, Boeing, the city of Baltimore, and the city of Atlanta.

Because the methods of attack used in these incidents are very diverse, it’s unlikely that any single security measure could solve the problem on its own.

However, DevSecOps, which encourages greater collaboration among security professionals, developers, and IT operations staff, can do a lot to help organizations prevent, defend against, and mitigate attacks. This approach promotes the idea that security is everyone’s job, and it pushes security professionals to become more proactive and iterate more quickly.

Recent surveys and reports include at least five hints that organizations and IT professionals are beginning to understand the need for DevSecOps and the potential benefits it offers.

  1. 70% of DevOps professionals said they hadn’t received adequate security education.

Being aware of a problem is always a necessary precursor to solving it, and Veracode’s DevSecOps Global Skills survey showed that DevOps professionals are very cognizant of their skills deficits. Among the DevOps professionals who had earned bachelor’s or master’s degrees, about 70% said their security education was inadequate for their current positions. Perhaps even more astonishingly, three out of four said they weren’t required to take a single IT security class to obtain their diplomas.

  2. Nearly 40% of organizations say the hardest employees to find are DevOps gurus with security testing knowledge.

The same survey asked which types of DevOps job candidates are the toughest to find and hire. The number one vote-getter, selected by 40% of respondents, was “all-purpose DevOps gurus with sufficient knowledge about security testing.” Clearly, organizations are looking for DevSecOps professionals—but they aren’t always finding them.

  3. 85% of security professionals said their organizations don’t invest enough in application security training.

Security staff at DevOps firms place at least part of the blame for the lack of security knowledge on management. The vast majority (85%) said their companies don’t spend enough money to train developers about application security issues.

  4. 85% of highly mature DevOps organizations make application security training available to their employees.

A separate report, the Sonatype DevSecOps Community Survey, found a big difference between highly mature DevOps organizations and others who are still embracing the approach. In the highly mature organizations, all but 15% made application security training available to employees. It seems that these leading organizations have found a secret weapon in the fight against cyber attackers that most firms—even among those that are embracing DevOps—have not.

The Veracode survey also asked DevOps professionals what would be the most effective way to gain the new skills they are lacking. Among those surveyed, 37% said they believed the most effective way to boost their DevSecOps skills would be to attend classroom or e-learning training programs. Organizations that want to take that advice should check out DevOps Institute’s DevSecOps Engineering (DSOE) certification. It’s a great way to give security professionals “security as code” skills that help them better protect their organizations and embrace DevOps culture.

Cynthia Harvey

About the Author

Cynthia Harvey is a freelance writer and editor based in the Detroit area. She has been covering the technology industry for more than fifteen years.
