Professional development

Fast-growing field of DevSecOps is opportunity for IT pros

Patrick McSweeney
November 10, 2021 by
Patrick McSweeney

Security breaches like those involving Coursera, Experian and Peleton earlier this year are driving home the need for DevSecOps to improve the security of APIs and other types of software.

DevSecOps is a growing field ripe with opportunities for IT professionals and software developers, especially now that workers and much of daily business have moved to the cloud because of the COVID-19 pandemic.

“DevSecOps is a combination of three words, development, security and operation,” said Infosec Skills author Remi Afon, an experienced DevSecOps consultant and cybersecurity specialist who recently released a DevSecOps learning path in Infosec Skills.

 

DevSecOps Learning Path

 

Why organizations implement DevSecOps

 

DevSecOps is a shift in thinking, adding security into software development and IT operations (DevOps) from the beginning rather than at the end. Without security, your development lifecycle is open to bugs and vulnerabilities, putting your organization and customers at risk.

“It is all about integrating security into development and operations from the moment you conceive the idea of developing the software, what we call ‘shifting left,”’ explained Afon. “It’s about identifying vulnerabilities as early as possible and fixing them before going live.”

While DevSecOps primarily concerns culture and process, it is a fast-growing niche with an annual growth rate of about 33 percent expected for the next five years, according to a recent market study published by Global Industry Analysts Inc.

“I'm quite passionate about DevSecOps and the benefits of applying secure processes and principles that augment business capabilities and enrich an organization's relationship with their customers,” said Afon. “My new courses are for anyone curious about or aspiring to jump into DevSecOps space — coders, developers, information security and IT leaders. It’s a good way for organizations that want to implement DevSecOps to get their staff started.”

 

COVID-19 pandemic quickens the pace of change

 

The Coronavirus pandemic changed the way people and businesses work. The almost overnight shift to work-from-home combined with SaaS applications, collaboration services and connectivity are leading the changes and the need for greater security.

The sharp increase in cloud services and the near abandonment of enterprise networks are two more pandemic-induced trends with security issues. Once office buildings and data centers were vacated, many of the benefits of private infrastructure were negated.

These trends are significant for DevSecOps and IT departments because once organizations fully incorporate cloud services into their workplaces, few will go back to pre-pandemic on-site workplaces. A PwC survey earlier this year showed that most employees would likely work remotely more than half the time.

Cloud-native applications require DevSecOps practices and tools to incorporate cloud development and deployment and at the same time maintain security.

“According to Gartner, DevSecOps practices will be embedded into 80 percent of rapid development teams by the end of 2021,” said Afon. “It’s a new area in the security realm. One  of the challenges is that most organizations don't understand DevSecOps, and they're not really sure who should be managing DevSecOps within the organization.”

 

Learning DevSecOps with Afon

 

Afon said his new DevSecOps learning path is focused on threat modeling and tools for security testing like software composition analysis, secret management, and static and dynamic application testing.

“We also dive into the software development lifecycle, and students are introduced to basic container security with Kubernetes and Dockers — these are kind of the latest technology.”

The goal of his courses is to teach security practices, principles and tooling for the software development processes. You will learn how to design and build security into the continuous integration and continuous delivery (CI/CD) pipeline using processes and tools to automate software delivery. By the end of the learning path, you will acquire core DevSecOps skills, such as threat modeling, SCA, SAST, DAST and container security.

There is also a hands-on project to put into practice what you’ve learned about DevSecOps.

At the end of this eight-hour course, you will have the knowledge and skills to integrate security into DevOps platforms and run secure systems.

“These are good skills to have, especially if you are trying to advance into DevSecOps,” Afon added.

 

Who should learn DevSecOps?

 

Afon said anyone with basic IT knowledge could benefit from this learning path, and it can open doors for them into a new career.

“I've made this course as simple as possible because if you want to jump into DevSecOps, you need to understand what software is all about, understand things like vulnerabilities and threats,” he said.

“It's going to be easy for whoever attends this course to be able to jump into and use the commercial tools available out there. Anybody that has got basic computing knowledge can easily pick up this course and also jump into that DevSecOps space.”

 

Sources

 

Patrick McSweeney
Patrick McSweeney

Patrick McSweeney began his career in print and then broadcast journalism before pivoting to become an award-winning public relations strategist. During the past 30 years, he has worked with clients ranging from technology companies to food retailers, restaurants, tourism destinations and from manufacturers to nonprofits, real estate development and government agencies.