How choosing the right team will keep your business secure and help it keep pace with the sprinting speeds demanded by the market. Credit: Thinkstock Technology is evolving at breakneck speeds. Just as developers got their bearings with Agile development, devops cropped up to bring development and operations together. Although devops is providing some great results as it helps meet the demands of today’s development teams, many are still adjusting to the change, particularly when it comes to the evolving role of the developer. devops is an extension of agile’s cross-functional teams to include operations, which means developers need to understand how things will run in production earlier in the cycle. So in this new landscape, how can an organization figure out the attributes to look for when creating development teams?Eenie, meenie, miny, moe: Finding the ideal developerDevelopers have always been hard to pin down. Playing in a seller’s market, they often jump around, enticed by new offers and higher salaries—but that’s beginning to change. devops has forced this group to expand their footprint and take on more responsibility. In addition to turning around functional code on tight deadlines, they are now responsible for meeting operational and security requirements during the development process. Development has shifted from a specialization to a multidiscipline career.Effective developers are the ones that can constantly adapt and learn the new skills necessary for their evolving role. Whether it’s learning a whole new language or adapting to changing business needs, developers will always need to respond to something different in their environments. For example, one day a manager may tell the developer that the app they spent hours of hard work on is taking up too much server space. Being able to take on that challenge and figure out how to adjust the app to meet those changing requirements is critical for their success and the business. To further enhance their abilities, organizations can encourage developers to attend conferences, participate in workshops and promote involvement in online communities. The barriers to entry for learning new skills are lower than ever. They also need the ability to manage others and mentor less experienced coders. Developers aren’t expected to simply hack away on their own anymore. Security is part of the “complete package” In devops, the responsibilities of software stability and security have continued to shift left into the developer domain. Now it’s up to organizations to ensure that their developers are ready to take on new and sometimes complex challenges. This is especially important when it comes to security because devsecops—the security-focused approach to devops—is crucial for quality maintenance and long-term app viability.When looking for ideal developers in a devsecops team, organizations must consider security as a top priority. Organizations should seek out developers who have base-level knowledge of secure coding practices. You don’t need a team of application security experts, but enthusiasm and a willingness to tackle the challenge of security goes a long way. Organizations should also appoint “security champions” who make it their mission to learn secure coding practices and help team members overcome application security challenges. Moreover, it is paramount that these developers be comfortable with tools that aid in secure coding, like dynamic and static scanning. Some developers may be distrustful of automated tools because they have a reputation for generating a high rate of false positives—however, automation is an important part of a successful devsecops practice. Developers need to get in the habit of scanning code early and often so that they can catch and correct security-related defects before they become exposed vulnerabilities.In today’s enterprise landscape, it’s become clear that organizations require developers to adopt an agile and flexible mindset while constantly growing their skillset and knowledge base. But the burden doesn’t fall on the developer alone. Organizations need to help mold these their developers into the best devsecops teams. There is no one skill that will help organizations execute successful processes that generate secure applications. Increasingly, they need to look for “the complete package” and that package includes security. It’s the only way organizations will keep pace with the sprinting speeds demanded by the market. Related content opinion The ethics of creating secure software The permeation of software into every aspect of our lives makes it impossible to avoid. Software has transcended from a technical process into the realm of social morality. Therefore, the consequences are on a massive scale across the whole of societ By Chris Wysopal Sep 07, 2018 5 mins Enterprise Applications Security Software Development opinion Blockchain only as strong as its weakest link The blockchain might be secure, but is all the software interacting with it? In many cases, no. We’ve seen in an increase in cyberattacks due to vulnerabilities in the software side of the blockchain, from wallets to smart contracts to exchange By Chris Wysopal Aug 06, 2018 4 mins Blockchain Security opinion Keeping the Stars and Stripes secure Some of the most pressing threats to our national security are found not in the physical world, but in cyberspace. It's past time for our nation to adapt to the changing landscape and bring our security infrastructure up to speed. By Chris Wysopal Jun 15, 2018 5 mins Government IT Government Technology Industry opinion The good, the bad & the ugly of using open source code components Using these risky snippets of code has become standard for developers, but what do they actually think about them? By Chris Wysopal May 09, 2018 5 mins Application Security Open Source PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe