We had over 5,500 people respond to the DevSecOps Community Survey this year, making it the largest DevSecOps Survey ever. The findings, now available here, provide clarity into the state of DevSecOps.
We wouldn't be able to collect these important insights without everyone who takes the time to complete the survey. So, as part of the program, we also conduct a raffle for the participants, which includes some particularly awesome prizes, if I do say so myself. As someone who never wins anything, picking the winners was especially valuable for me. It's not every day that you can win a free MacBook Air or Amazon gift card.
So, without further ado, I'm proud to introduce one of this year's winners: Brian McClung, Director of Deployment and Integration at Ericsson. We asked him to share a bit more about how he views DevSecOps and why it matters to him:
Why are DevSecOps practices important to you?
As we have increased our ability to deploy code to production, we have also increased the potential for rapidly releasing new security holes. Deploying security vulnerabilities with a release is as critical, if not more critical, as releasing bugs to production, and needs to be tracked similarly.
What are the most valuable lessons you have learned throughout your DevSecOps journey?
As in a typical DevOps journey, adding in Security is not as easy as plugging in new tools and calling it a day. Teams need to be trained on best practices both in the use of the tools as well as in writing code. Keeping teams up to date with the latest vulnerabilities and best practices is an ongoing exercise that needs quarterly, if not more frequent, updates.
What advice do you have for someone just starting out in their DevSecOps journey?
If you’re in the middle of a DevOps roll out, adding Security into the process should not be too much of a culture shock. Teams that have gotten used to code scans, automated builds and releases, will be able to integrate the process easily enough. It’s the additional work and training that will culturally need to change. Developers that once felt security was someone else’s responsibility will need to change their mindset and realize that it is everyone’s responsibility. This may require bolstering team member skill sets so they are better prepared to work with the new workflows.
Congratulations, Brian. It was a 1 in 5,558 (0.018%) chance that you would win - and you did it!
To everyone else who did not win (like me), thanks again for participating in the survey this year. There's always next year to test your odds!
Written by Janie Gelfond
Janie serves as the Community Marketing Manager at Sonatype. After starting with the company as an intern, she has worked her way up and is now a core part of the team.