Yamila Saiegh, June 12, 2020

What is SecDevOps?

In the tech world, growth and change are constants. From new languages and systems to advancements in automation and processes, there is always something new to learn and to build.

As teams have grown, processes have become more complex, and demands for security have increased, SecDevOps has moved to the forefront as a necessary part of any technological infrastructure.

What is SecDevOps? 

To tackle this, let’s take a tactic out of one of my English teachers’ toolkits (thanks Ms. K!) and break it into its component parts.

Sec = Security

Dev = Software Development

Ops = IT Operations

DevOps, the last two component parts, has a bit more name recognition, and in its further evolution it has come to include Security as an essential part of the system.

The goal of DevOps (Software Development and IT Operations) is to deliver high-quality software at scale and with speed, working across multiple teams and with multiple technologies. While developers focus on feature expansion and bug correction, the operations teams prioritize the consistency and availability of the product. DevOps comes in by establishing agreed-upon processes and procedures, ultimately improving productivity and collaboration.

DevOps isn’t a technical language or piece of machinery, but rather a shift in culture, infrastructure, and processes. Within a DevOps mindset, teams are able to work better together, think more alike, and establish shared responsibilities. 

In the simplest terms we could manage for what can be a very complex system, DevOps does this through automation. By automating workflows and continuously measuring performance, the teams are able to spend more time attending to other business needs. This allows the company to work faster and more efficiently, responding to market needs in a much shorter time and staying competitive in its work.

But where does the Sec(urity) come in? 

Increased speed and productivity can often come at the expense of more bugs or security flaws that can threaten the overall infrastructure of a system. This is where adding a focus on Security into the traditional DevOps mix comes in. The goal of a SecDevOps approach is to ensure teams can deliver quick, efficient, and functional software without sacrificing security.

SecDevOps focuses on incorporating security best practices into the collaborative DevOps pipeline. In the same way that DevOps has made sure to include the operations team, SecDevOps aims to integrate security into every aspect of the development process. A successful SecDevOps (try saying that three times fast) approach requires changing the culture to embrace security and include it at every step, rather than as an afterthought. For this to work, the entire company needs to restructure its infrastructure and processes and emphasize a culture that views security as a priority.

In the last few years, there has been more attention towards security and privacy in tech and on the internet. Information leaks at companies like Facebook, Marriott, Quora, and other industry giants have affected millions of users. Estimates show that the average cost of a data breach to a company is around $150 million in 2020, and that breaches add up to more than $2.1 trillion in costs across the globe yearly (x). In response to these risks, 77% of corporations in the US bought into DevOps by 2018, with more companies joining since. As a result of implementing these new processes, 63% of these companies report an advancement in their software deployments and 55% have noticed improved cooperation across their teams (x).

As companies have emphasized security needs as a vital aspect of the development process, so too has the need grown for talent in the workforce to adapt to these evolving priorities. As the workforce responds to these demands, building the skills utilized in a SecDevOps environment becomes a powerful addition to a candidate’s toolkit.


