Your video is not explaining the role of a DevSecOps Engineer "FULLY." I am a DevSecOps Engineer and the role of a "DevSecOps Engineer" is much, much more than just building and maintaining CI/CD pipelines for deploying an application into Production with additional security checks. This is a major misconception people have with the term DevOps and DevSecOps as a cultural methodology vs what an actual DevOps or DevSecOps Engineer actually does. We do everything a DevOps Engineer does (the role of a Cloud Engineer and the role of a Systems Administrator, utilizing Infrastructure as Code/automation), but we also automate, manage, and maintain the security tools in addition (firewalls, IDS, IPS, etc) to meet compliance set fourth by RMF. In short a DevSecOps Engineer (at least at my organization) does DevOps (again which is not strictly CI/CD
Thanks for the great video! I agree about automating SAST and the mountain of false positives it can create being a massive headache. I am currently working as a DevSecOps Engineer. I would really like to hear about Ashish's journey from DevSecOps to CISO. That is my long term career goal, but I struggle with what to do next to make sure I am moving in that direction.
Is DevSecOps considered a track within Cybersecurity? I’m currently an ISSO and work with the RMF (GRC) and would like to pursue this track in the cleared space. DevSecOps is huge and new with the DoD and all the software factories standing up.
But once the dev ops pipeline is established after that does this DevSecOps engineer would do. What is mean if we we have team of 3 to 4 people they would have not much to do after the pipeline establishment
Timestamps 0:00 Preview 1:26 What is the DevSecOps Engineer job? 7:07 What skills are needed to do the job? 12:13 What is/are the PROS of the job? 13:57 What is/are the CONS of the job? 17:12 Best way to get these skills?
great video..i am currently into SOC in India.only problem for me are rotating shifts every week which is not suitable for my health..can you suggest roles after SOC that does not require shift work..any videos..btw great video
Not sure how it works in India but digital forensics and malware Analyst are bot out of the blue side and would be familiar to soc analyst. I do have videos for each on the channel.
Thanks for having our host on the show Gerald! You are a good interviewer :)
🥰 You are very kind. Ashish was insightful and a delight.
Your video is not explaining the role of a DevSecOps Engineer "FULLY." I am a DevSecOps Engineer and the role of a "DevSecOps Engineer" is much, much more than just building and maintaining CI/CD pipelines for deploying an application into Production with additional security checks. This is a major misconception people have with the term DevOps and DevSecOps as a cultural methodology vs what an actual DevOps or DevSecOps Engineer actually does. We do everything a DevOps Engineer does (the role of a Cloud Engineer and the role of a Systems Administrator, utilizing Infrastructure as Code/automation), but we also automate, manage, and maintain the security tools in addition (firewalls, IDS, IPS, etc) to meet compliance set fourth by RMF. In short a DevSecOps Engineer (at least at my organization) does DevOps (again which is not strictly CI/CD
Want to come on as a guest?
I have a strong security architecture not devops. The learning curve was steep but possible. SANS Sec540 training helped glue everything together.
Thanks for the great video!
I agree about automating SAST and the mountain of false positives it can create being a massive headache.
I am currently working as a DevSecOps Engineer. I would really like to hear about Ashish's journey from DevSecOps to CISO. That is my long term career goal, but I struggle with what to do next to make sure I am moving in that direction.
Thanks for sharing! I'll message Ashish and see if he can answer that (or if he wants to come back on stream).
Keep on bring the knowledge Gerry!
Is DevSecOps considered a track within Cybersecurity? I’m currently an ISSO and work with the RMF (GRC) and would like to pursue this track in the cleared space. DevSecOps is huge and new with the DoD and all the software factories standing up.
Yes James - that is correct!
How did you land your ISSO role?
This was such a good, informative interview. I learned so much and I am looking at learning some DevSecOps soon!
Thanks DJ. I learned a lot too, its def a mysterious role in the industry. Hope you're well and your projects are crushing it.
That was excellent. I had been wondering exactly what devsecops meant. A good goal to focus towards
Glad it was helpful!
Thanks for having me on to talk about DevSecOps Gerald! :)
Your insight was well received by the community.
But once the dev ops pipeline is established after that does this DevSecOps engineer would do. What is mean if we we have team of 3 to 4 people they would have not much to do after the pipeline establishment
Great as usually, thank you :D
Thanks so much. Ashish was great to talk to and really answer this question. ( I was wondering the answers too).
Timestamps
0:00 Preview
1:26 What is the DevSecOps Engineer job?
7:07 What skills are needed to do the job?
12:13 What is/are the PROS of the job?
13:57 What is/are the CONS of the job?
17:12 Best way to get these skills?
great video..i am currently into SOC in India.only problem for me are rotating shifts every week which is not suitable for my health..can you suggest roles after SOC that does not require shift work..any videos..btw great video
Not sure how it works in India but digital forensics and malware Analyst are bot out of the blue side and would be familiar to soc analyst. I do have videos for each on the channel.