DevOps dream team or superstar DevOps engineer? Tips for aspiring DevOps engineers
© Shutterstock / Brocreative
What’s the best way to get a DevOps job? Should you make yourself marketable as a DevOps engineer or do you only need to prove that you can play well with your colleagues? In the third part of our interview series, we asked nine DevOps influencers to weigh in on the skills one needs in order to become a DevOps engineer. Plus, we talked about the importance of DevSecOps.
“DevOps is a team sport”
For some people, DevOps is a just job description — the demand for DevOps engineers has increased dramatically in the last two years but there are a lot of voices which claim that one person cannot do DevOps and that the name should be reserved for an entire team. As Eric Vanderburg, leader of the cybersecurity consulting division at TCDI and DevOps influencer says, “DevOps is a team sport.”
Interview series with DevOps influencers:
In the third part of this interview series, we talked with nine DevOps influencers about the skills one needs in order to become a DevOps engineer and the importance of DevSecOps.
9 answers: How important is it to incorporate security into DevOps? Should DevSecOps be a priority or an afterthought?
Charity Majors: Good teams have always baked security in from the very beginning of any idea or implementation.
Mike D. Kail: Given the “rise of the developer” and the continued increase in delivery velocity, it is paramount to “shift left” and seamlessly embed security testing into the entire software development lifecycle. Two key benefits of continuous security testing and scanning are increased security assurance and visibility into code lineage and delivery pipelines.
Security needs to move from being an afterthought, or mildly important, to a key priority if organizations want to have any hope of leveling the playing field against malicious hackers.
Security is a process, not a feature.
John Arundel: Security should be a mindset. Whenever you’re writing code that someone other than you will use, you have to think about ways they might try to attack and subvert it. Even better, you should try to do this yourself. This also applies to other people’s code that you rely on (for example, web servers). You will never have security because security is a process, not a feature. The minute you stop doing security, security is gone.
Gregory S. Bledsoe: DevOps maturity is plotted along two axis: Depth of Automation and Width of Collaboration. DevOps that doesn’t include security into the “shift-left” mentality is immature DevOps.
Similarly, DevOps that doesn’t bring monitoring and invite the business into the process is immature DevOps. DevOps means continually improving and maturing our process to produce predictability, reliability, and quality while removing obstacles to flowing value to market — once you have basic automation and collaboration, you have to look at bringing in more partners and stakeholders. The easiest way to get there from scratch is bring them in from the start.
The short answer is that it is critically important and whether this is overlooked is a good indicator of the organization’s DevOps maturity.
Thorsten Heller: DevOps is nothing without security and therefore it should be a high priority. So DevOps should be a synonym for DevSecOps.
Eric Vanderburg: Security is vital in DevOps. Companies spend a great deal of time and money fixing security problems after the software has been released or close to the release date that could have been solved much cheaper and more efficiently had it been identified earlier in the software development lifecycle.
Security should be involved in each stage of the life cycle to ensure that project requirements include requirements for security and privacy, initial code is tested for security issues, and deployments are performed in a secure manner, and configurations utilize security principles such as hardening, reducing the attack surface, least privilege, separation of duties, auditing, identity management, patch management, and many other core security concepts. Creating, managing, and securing applications is still a team effort and it requires a broad set of skills from different people to do it right.
Whether you call this team DevOps, SecOps, or DevSecOps, the team must work together to accomplish the business objectives efficiently and securely.
Security is critically important and whether this is overlooked is a good indicator of the organization’s DevOps maturity.
Quentin Adam: The importance of security when it comes to infrastructure is paramount and has to be at the center of all the processes. I don’t think security should be a separate process.
We all need privacy by design and in-depth security; my colleague Geoffroy Couprie wrote an article about this — The End of the Fortress Metaphor explaining this new way of building software with security as an important parameter in the process.
Now, of course, there are many levels of security. How absolute can you be when implementing this security process? It’s your choice. We, as a cloud platform, can’t compromise. It’s, for instance, one of the reasons why Docker containers running on Clever Cloud are isolated in a VM. You might think it’s ok to share a kernel between containers; we do not.
Hans Boef: Security is one of the most important parts and should be incorporated as soon as possible in the whole process.
There’s a huge demand for DevOps professionals. What skills do you need to have in order to tap into the perks that accompany the job description?
Charity Majors: Only curiosity and access.
Mike D. Kail: I’m really not a fan of using DevOps as job title or function. To me, it’s about a culture or methodology, and you should look to hire professionals that understand the core tenets of that culture, which are Collaboration, Automation, Measurement, and Sharing (CAMS). The truly great additions want to continually evolve and always look to automate and measure wherever and whatever possible.
Because [DevOps] is about people working together, one person cannot be a DevOps.
John Arundel: DevOps is not about skills either (it’s a lot easier to say what DevOps is not than to say what it is). Because it’s about people working together, one person cannot be a DevOps.
Teams of people can do DevOps, which requires attitudes of mutual respect and collaboration, a willingness to learn and expand your conception of what your job is about, and a pragmatic approach to engineering. When one team of people writes some software, and another team of people runs that software, that’s not DevOps. When one team takes responsibility for the whole lifecycle of their software, from design to production and back again, and their management rewards and incentivizes them accordingly, that’s DevOps.
Gregory S. Bledsoe: I look for a strong understanding of the fundamental principles of DevOps. The technical skills can be learned and must be continually learned and unlearned. The only constant is the underlying principles that account for why DevOps works or fails. If someone understands this, then decisions are made with the correct end in mind instead of the momentary urgency.
Jérôme Petazzoni: Curiosity, empathy, perseverance (in alphabetical order). I’m aware that these sound more like personality traits rather than skills per se, but these things will help you build up everything else that you need.
Thorsten Heller: We are seeing a rising demand for DevOps professionals with cloud integration skills. Kubernetes, Docker, Mesos or in generic cloud-native technologies go hand in hand with DevOps.
Eric Vanderburg: Communication remains the single greatest skill. DevOps is a team sport and that means that DevOps success depends upon the ability for team members to communicate.
Quentin Adam: First, you need to understand what DevOps means, which is not as easy as one would think. :) Understand that you need to work on a team and enable that team to deliver smoothly, safely and as often as possible. If you want to be more practical on the actual skills department, 2018 is all about people that are familiar and understand three basic Cloud/Distributed software concepts: 12 factors, the reactive manifesto and the CAP theorem.
Purely technical skills are not necessarily relevant and will be learned on the job.
The other aspect is the one I explain in the bookkeepers conference: DevOps is the union of developers and ops in one task force, with the same in-line goals, the same budget. And as “DevOps”, your main goal is to avoid being trapped in a weird situation where DevOps is in the middle of ops and dev.
Hans Boef: In my field of work, we noticed that testers are needed the most.
In the last part of the interview series, our nine DevOps influencers weigh in on the importance of not skipping steps in the DevOps transformation cycle, the key metrics that matter and debate whether the abundance of DevOps tools has helped or slowed down DevOps adoption. Stay tuned!
Take a look at our interview series with last year’s DevOps influencers:
Are your calendars marked for JAX DevOps 2018? If you’d like to know more about the latest trends in DevOps and meet the top movers and shakers in the global DevOps scene, join us in London between April 9-12, 2018.