Question

What's Needed to Turn Developers into DevSecOps?


“According to an ESG survey, DevOps, without an embedded security process, produces some uncomfortable results. For instance, 45% of software releases didn’t go through any security checks or testing, while 35% of new builds are deployed to production with misconfigurations, vulnerabilities or other security issues.

One reason (34%) for these dismal results? Security can’t keep up with the cadence of software releases. To improve these results, something must change, and one impactful change is incorporating continuous threat modeling into the DevOps flow.”

Read the rest here.

What’s been your experience with DevSecOps and integrating security into development? One good experience I had was working at Automox with a CISO who described himself as “the most business friendly CISO you’re ever going to meet”. He’s now head of security at Zoom, so that strategy has been wonderful for his career. And it was a pleasure to work with him on company security concerns.

Any success or horror stories you have to share?

 

To transform developers into DevSecOps, a cultural shift towards a collaborative approach to security that incorporates security practices from the start of the development process is required. Here are some key factors that can aid in this transition:

  • Training
  • Tools and automation
  • Shared responsibility
  • Continuous integration and delivery
  • Risk-based approach


By taking these steps, organizations can foster a DevSecOps culture that incorporates security into the development process from the start, lowering the risk of security issues and improving the organization's overall security posture.


Here are some things that can help turn developers into DevSecOps practitioners:

  1. Education and Training
  2. Security Tools and Automation
  3. Shift-Left Mentality
  4. Collaboration and Communication
  5. Culture Change

In summary, turning developers into DevSecOps practitioners requires education and training, the use of security tools and automation, a shift-left mentality, collaboration and communication between teams, and a culture change within the organization.


 


I don't personally have any horror or success stories.
But I wanted to mention that I feel every career shift comes with some challenges in terms of learning; if someone is open to learning new things, the path will be smooth.


Ways to turn a developer into DevSecOps:
1. Join and contribute to the Open Web Application Security Project (OWASP), or promote certifications such as the ISC2 Certified Secure Software Lifecycle Professional (CSSLP) within your organization.
2. Online training options, such as e-learning offerings from app sec companies or even YouTube, are a great starting point.

Secure software is a journey
The journey to DevSecOps presents enormous opportunities and challenges. Ultimately, you have to break down the barriers that block the three Cs of DevOps: communication, collaboration, and cooperation. Developers who help build a framework that supports DevSecOps are poised for a level of speed, innovation, and disruption that puts them and their organization at the forefront of the application economy. Don't panic. Embrace change, and you will be rewarded.

According to the 2016 State of DevOps Report, only 22% of organizations have made the switch to DevOps. Even among those organizations, DevOps is not uniformly used across teams and products. However, there are some examples of organizations that have successfully adopted DevOps and are on their way to DevSecOps. They’re demonstrating that a highly focused approach results in net gains for development teams, the enterprise, partners, and customers. For instance, Capital One moved from a waterfall approach to a continuous deployment environment that relies heavily on containers, microservices, and cloud technology.


Here are some tips on how to successfully transition from Developers to DevSecOps.

  • Strong communication and teamwork skills
  • Practice Secure Coding
  • Use The Right Tools
  • Evaluate Progress
  • Keep Learning

The move from developer to DevSecOps is not impossible. Establish a strong foundation: it's important to start by building a strong foundation for your adoption of DevSecOps. It just takes time to add some skills you need to be productive. If you have previous experience with some of these, it can be helpful.


Here are four steps to  turn Developers to DevSecOps.

  • Provide the developer’s workstation with a security plugin
  • Adopt Software Composition Analysis Tool
  • Add Static Application Security Testing
  • Policy Constraints

  Just keep one thing in mind: DevSecOps is about starting with application and infrastructure security in mind.
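The four steps above (workstation plugin, SCA, SAST, policy constraints) only pay off if the pipeline actually enforces a policy on what the scanners report. The script below is an added example, not code from this thread or from any scanner vendor: it normalises the findings an SCA tool and a SAST tool would emit in CI, applies a severity threshold with time-limited, approved exceptions, and returns the exit code the CI job should use. The JSON report schema, the advisory ids (`ADV-0001`, `ADV-0002`), the rule names and the file paths are all constructed for the example; the developer-workstation plugin from step one is outside its scope.

```python
"""Added example: a policy gate for a DevSecOps pipeline.

Consumes the findings an SCA tool (dependency vulnerabilities) and a SAST
tool (code weaknesses) would emit in CI, applies a severity threshold plus
time-limited approved exceptions, and returns the CI job's exit code.
The report format and every finding below are constructed for this
example; they are not the output of any real scanner or real advisories.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Finding:
    source: str    # "sca" (dependency) or "sast" (code)
    rule_id: str   # advisory id or SAST rule id (constructed here)
    severity: str  # LOW / MEDIUM / HIGH / CRITICAL
    location: str  # package@version or file:line


def parse_report(source: str, report_json: str) -> list[Finding]:
    """Normalise one scanner's JSON into Finding objects.

    Assumed (constructed) schema: {"findings": [{"id", "severity", "location"}]}.
    An unknown severity is treated as CRITICAL so that a scanner change can
    never silently downgrade a result past the gate.
    """
    findings = []
    for item in json.loads(report_json)["findings"]:
        sev = str(item["severity"]).upper()
        if sev not in SEVERITY_RANK:
            sev = "CRITICAL"
        findings.append(Finding(source, item["id"], sev, item["location"]))
    return findings


def evaluate(findings: list[Finding], block_at: str = "HIGH",
             exceptions: dict[str, date] | None = None,
             today: date | None = None):
    """Split findings into (blocking, waived, below_threshold).

    `exceptions` maps rule_id -> expiry date of an approved risk acceptance.
    An expired exception waives nothing, so accepted risk must be re-reviewed
    instead of living forever in the pipeline configuration.
    """
    today = today or date.today()
    exceptions = exceptions or {}
    threshold = SEVERITY_RANK[block_at]
    blocking, waived, below = [], [], []
    for f in findings:
        if SEVERITY_RANK[f.severity] < threshold:
            below.append(f)
        elif f.rule_id in exceptions and exceptions[f.rule_id] >= today:
            waived.append(f)
        else:
            blocking.append(f)
    return blocking, waived, below


def gate(sca_json: str, sast_json: str, block_at: str = "HIGH",
         exceptions: dict[str, date] | None = None,
         today: date | None = None) -> int:
    """Return 0 if the build may proceed, 1 if policy blocks it."""
    findings = parse_report("sca", sca_json) + parse_report("sast", sast_json)
    blocking, waived, _ = evaluate(findings, block_at, exceptions, today)
    for f in waived:
        print(f"WAIVED   {f.source}:{f.rule_id} ({f.severity}) at {f.location}")
    for f in blocking:
        print(f"BLOCKING {f.source}:{f.rule_id} ({f.severity}) at {f.location}")
    return 1 if blocking else 0


# Constructed sample reports: not real scanner output, not real advisories.
SCA_REPORT = json.dumps({"findings": [
    {"id": "ADV-0001", "severity": "critical", "location": "libfoo@1.2.3"},
    {"id": "ADV-0002", "severity": "low", "location": "libbar@0.9.0"},
]})
SAST_REPORT = json.dumps({"findings": [
    {"id": "sql-injection", "severity": "high", "location": "app/db.py:42"},
    {"id": "hardcoded-secret", "severity": "high", "location": "app/cfg.py:7"},
]})
# Approved risk acceptance for ADV-0001 with a far-future expiry, and the
# same acceptance after it has lapsed.
EXCEPTIONS = {"ADV-0001": date(2030, 1, 1)}
EXPIRED_EXCEPTIONS = {"ADV-0001": date(2020, 1, 1)}

if __name__ == "__main__":
    import sys
    # Fails the build: ADV-0001 is waived, but both SAST findings are HIGH.
    sys.exit(gate(SCA_REPORT, SAST_REPORT, exceptions=EXCEPTIONS))
```

In a real pipeline the two JSON arguments come from the scanner output files, `EXCEPTIONS` lives in version control next to the policy so an approval is a reviewed change, and the non-zero exit code is what stops the deploy stage. The "policy constraints" step is exactly this: the threshold and the expiring exceptions, not the scanners themselves.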

