You know why it’s time to learn DevSecOps. But do you find yourself asking how one actually goes about gaining DevSecOps skills?
That’s a fair question. Unlike other types of IT roles, DevSecOps is not something that you’re likely to learn in school. You might get a degree in software engineering or systems administration, but I’ve yet to see any traditional educational programs in DevSecOps. (And while ideally any kind of IT training will include instruction in security best practices, the reality is that not all do.)
That does not mean, however, that there are no useful DevSecOps learning resources available. They may be harder to find than other types of IT training resources, but they exist. Below, we’ll take a look at several ways that you can learn DevSecOps, or expand the DevSecOps skills you already have.
Formal DevSecOps Training
Several organizations offer formal training courses in DevSecOps. Some also offer DevSecOps certifications. The major two include:
These courses require a significant investment of time and money. But given the central importance that IT security has assumed for many employers, being able to prove that you’ve completed formal training in DevSecOps may be worth it career-wise. And you just may learn something, too, about security best practices.
Another way to learn about DevSecOps is by attending events that focus on it.
In this category, DevSecCon is the largest recurring event dedicated to DevSecOps. Actually, it’s a series of events held in different parts of the world each year.
The content of the talks at each event can vary. Not all talks cover narrowly defined DevSecOps topics; some deal with more generic security topics. Still, helping IT professionals integrate security best practices into their work (whether that work is development, IT Ops or something else) is the central focus of most of the talks and workshops at the DevSecCon events. If you can swing one of these get-togethers, they can be a great resource for in-person learning about current DevSecOps trends.
If you prefer the autodidactic approach to learning about DevSecOps, or if you already have a foundation in DevSecOps but want to stay on top of the latest trends, you might be interested in following blogs that focus on DevSecOps. They include:
- The blog on DevSecOps.com, which wants to do for security what the Agile movement did for software development. Unfortunately, the group’s blog no longer appears to be actively maintained, but its existing entries are still useful.
- The Twistlock blog, one of the most active blogs focused on DevSecOps topics.
- DevOps.com, another very active media site. While DevOps.com focuses on all things DevOps-y, it has a number of entries dedicated to DevSecOps.
- Cisco’s DevSecOps blog series. This set of blog posts is limited in scope, but includes some interesting real-world perspective on DevSecOps. The first post in the four-part series is here.
Learning DevSecOps is not one-stop shopping, of course. No matter where you begin educating yourself about DevSecOps, whether it’s through a formal DevSecOps training course, a conference or online information that you research and study on your own, there will always be more to learn as DevSecOps best practices evolve and security needs change.
If you’re looking for a place to get started on learning DevSecOps, however, the resources above are excellent starting-off points.