DevSecOps Recruitment – What, Why and How?

 

DevSecOps has become a common term in job descriptions now. It seen a crucial part of DevOps, especially given the current security focused climate. Although many seasoned DevOps Engineers would likely say DevSecOps has always been part of their role, the term seems here to stay! Demand for such engineers is sky high now and will continue to rise for the foreseeable. A study by the DevOps Institute showed 40% of organizations say the hardest employees to hire are “DevOps gurus with security testing knowledge”

No alt text provided for this image

What is DevSecOps

Before the DevSecOps approach was introduced, security was added at the end of the development process which made sense when working with long software development processes / waterfall method. As things have moved to much shorter delivery cycles, which created apparent issues with lack of timely cooperation between teams and low-refinement security of the product. DevSecOps is simply an approach or mindset where all teams including security, are responsible for the security of the system, and security is built in right from the start. In this way two most important factors in software development – fast delivery and secure code – were brought together in order to get quick and safe final product.

No alt text provided for this image

Benefits of DevSecOps

When it comes to the benefits of DevSecOps approach, they are numerous. There should be a better ROI in security infrastructure due to better operational efficiency. There are more possibilities for automated builds and QA testing, and better cloud service deployments etc. For some organization this is a significant cultural change so it can be a challenge for some requiring careful alignment of the development process with security practices.

 

What Skills are Needed

DevSecOps Engineers require a broad set of skills. Below are some of the key criteria employers will look for.

  • Knowledge of the DevOps culture and principles – CI/CD pipeline tooling etc
  • Programming skills in one or more of: Ruby, Go, Perl, Java, Python, PHP etc
  • Passion for cybersecurity, with sound awareness of the latest threats and trends
  • Knowledge of threat modelling and risk assessment techniques.
  • An understanding of programs such as CloudFormation, Terraform, Ansible, Jenkins, Packer, Docker, kubernetes etc
  • Monitoring systems experience such as Nagios, CloudWatch, Datadog etc
  • Collaboration is a core part of DevSecOps, so strong teamwork and communication skills is a must

 

Build automation tools:

No alt text provided for this image

For further info on DevSecOps please feel free to get in contact with me on David.shanahan@itsearch.ie.