Excellent James. I love that you identify all the confusion around DevSecOps. I am tempted to say it is not even a thing. No working definition. Hiring is basically for dev/infra people with security knowledge nice to have.
I feel for all the vendors selling shift-left products. Who do you even target to sell to? The VP Engineering? Does she even have budget for changing the way they do things, and possibly slowing the dev process?
Absolutely, one of the more tricky ones to define out there.
I personally lean toward the 'It's a methodology not a title' camp myself, same as DevOps, but with no clear definition it's borderline impossible to come to a consensus on it. It seems many of the people writing these job ads also have no idea; it's not necessarily their fault, it may just be a symptom of the industry!
Yes, exactly that, hard to know who to sell to outside of a CISO, whose head is usually on the line for any breaches. As you mention, it's a hard sell to slow down a development process for the sake of security, especially if you're only targeted on speed and quality of releases.