Choose your devsecops team wisely: Your apps depend on it

How choosing the right team will keep your business secure and help it keep pace with the sprinting speeds demanded by the market.

hiring
Thinkstock

Technology is evolving at breakneck speeds. Just as developers got their bearings with Agile development, devops cropped up to bring development and operations together. Although devops is providing some great results as it helps meet the demands of today’s development teams, many are still adjusting to the change, particularly when it comes to the evolving role of the developer. devops is an extension of agile’s cross-functional teams to include operations, which means developers need to understand how things will run in production earlier in the cycle. So in this new landscape, how can an organization figure out the attributes to look for when creating development teams?

Eenie, meenie, miny, moe: Finding the ideal developer

Developers have always been hard to pin down. Playing in a seller’s market, they often jump around, enticed by new offers and higher salaries—but that’s beginning to change. devops has forced this group to expand their footprint and take on more responsibility. In addition to turning around functional code on tight deadlines, they are now responsible for meeting operational and security requirements during the development process. Development has shifted from a specialization to a multidiscipline career.

Effective developers are the ones that can constantly adapt and learn the new skills necessary for their evolving role. Whether it’s learning a whole new language or adapting to changing business needs, developers will always need to respond to something different in their environments. For example, one day a manager may tell the developer that the app they spent hours of hard work on is taking up too much server space. Being able to take on that challenge and figure out how to adjust the app to meet those changing requirements is critical for their success and the business.

To further enhance their abilities, organizations can encourage developers to attend conferences, participate in workshops and promote involvement in online communities. The barriers to entry for learning new skills are lower than ever. They also need the ability to manage others and mentor less experienced coders. Developers aren’t expected to simply hack away on their own anymore.

Security is part of the “complete package”

In devops, the responsibilities of software stability and security have continued to shift left into the developer domain. Now it’s up to organizations to ensure that their developers are ready to take on new and sometimes complex challenges. This is especially important when it comes to security because devsecops—the security-focused approach to devops—is crucial for quality maintenance and long-term app viability.

When looking for ideal developers in a devsecops team, organizations must consider security as a top priority. Organizations should seek out developers who have base-level knowledge of secure coding practices. You don’t need a team of application security experts, but enthusiasm and a willingness to tackle the challenge of security goes a long way. Organizations should also appoint “security champions” who make it their mission to learn secure coding practices and help team members overcome application security challenges.

Moreover, it is paramount that these developers be comfortable with tools that aid in secure coding, like dynamic and static scanning. Some developers may be distrustful of automated tools because they have a reputation for generating a high rate of false positives—however, automation is an important part of a successful devsecops practice. Developers need to get in the habit of scanning code early and often so that they can catch and correct security-related defects before they become exposed vulnerabilities.

In today’s enterprise landscape, it’s become clear that organizations require developers to adopt an agile and flexible mindset while constantly growing their skillset and knowledge base. But the burden doesn’t fall on the developer alone. Organizations need to help mold these their developers into the best devsecops teams. There is no one skill that will help organizations execute successful processes that generate secure applications. Increasingly, they need to look for “the complete package” and that package includes security. It’s the only way organizations will keep pace with the sprinting speeds demanded by the market.

This article is published as part of the IDG Contributor Network. Want to Join?

New! Download the State of Cybercrime 2017 report