The DevSecOps Lead Engineer is responsible for the management, development, and automation of information security features/controls related to all applications and infrastructure.
This individual ensures that cloud infrastructure, operating and software systems, and related procedures adhere to organizational expectations of security, availability and performance.
This individual will, among other duties, assist the Information Security Architecture and Engineering, Developers, and Infrastructure teams with technical design and requirements; collaborate with DevOps leads to create automated solutions and to manage and develop security features/controls; and integrate completed features and compliance checks into the automation pipeline. Additionally, they will participate in the Software Development Life Cycle with a focus on integrating security controls.
First, let’s make sure we are on the same page when it comes to defining DevOps before we jump into DevSecOps / SecDevOps.
What is DevOps? | Opensource.com: DevOps is a word that is used to describe a set of modern IT practices which seek to more closely bring together software developers and operations staff to work on the same project in a more collaborative manner. The desire is that by breaking down barriers which have traditionally existed between these two sides of the IT department, organizations can reduce the time and friction involved in deploying new versions of software. This effort will ideally lead to shorter development cycles which ideally may save time and money, and give the organization a competitive edge against others with longer, more traditional development cycles.
What is DevOps? | DevOps Learning Center: DevOps is the union of people, process, and products to enable continuous delivery of value to our end users. The contraction of “Dev” and “Ops” refers to replacing siloed Development and Operations to create multidisciplinary teams that now work together with shared and efficient practices and tools. Essential DevOps practices include agile planning, continuous integration, continuous delivery, and monitoring of applications.
DevOps means developers and operations working together from the start, rather than developers sending code to QA for testing and walking away. It is a way of working, not a new technology. You can’t “DevOps” something.
You guessed it: instead of sending applications, updates, and code to the dreaded internal security team to see how many ways they can kill the project, DevSecOps continues the culture shift by bringing security in from the beginning and working together rather than in silos with different goals.
What is DevSecOps? Developing more secure applications | CSO Online: The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. It is about trying to automate core security tasks by embedding security controls and processes early in the DevOps workflow (rather than being bolted on at the end). For example, this could be the case when migrating to microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud infrastructure.
Firms need to move from DevOps to DevSecOps, says expert: In view of the data breach at Uber and other high-profile organisations that came to light in 2017, there are three DevOps security trends that should be on the radar of every organisation, she said.
Cutting Through The Headlines To Create A DevSecOps Strategy: But there’s also a significant downside to headline-driven security. Effective cybersecurity is not a game of whack-a-mole. It’s a highly challenging endeavor that requires rigorous discipline — especially when it comes to optimizing the allocation of your company’s very limited cybersecurity budgetary and staff resources. So if you throw those resources at a headline just because it’s a headline, you’ll lose.
Mitigate Digital Transformation Cybersecurity Risk With ‘DevSecOps’: Just as digital transformation requires breaking down organizational silos, so too with cybersecurity. “Security needs to be part of everyone’s job,” explains Fraser Scott, Cloud Security & DevSecOps at Capital One. “Security being a constant blocker just won’t scale. Either that or you end up with shadow IT.”
If video is your thing, here are a few interesting videos explaining DevSecOps a lot better than I can.
And yes, there is a conference: #DevSecCon