Justin Somaini, speaking on The Secure Developer podcast, recently suggested that in the near future, a third to half of a security team’s roles will transform into security-minded developer roles. Alternatively, organizations may choose to hire more DevOps team members with an interest and/or experience in security. As a CISO, how much do you know of your organization’s software delivery process? Are you separate from its development, or relatively well-informed?
How much interaction do you typically have with the DevOps team? Choosing whether or not to ask incisive questions, which can slow the team down but improve the product, is a tough call. Nonetheless, without your oversight, execs may see you as not careful enough.
In this situation, you’re presented with a nearly impossible conflict of security vs. speed, where speed typically triumphs.
Managing this situation and balancing priorities is made all the more complex by the fact that CISOs often have bare-bones teams. The shortage of security professionals means that resources are spread thin across any given organization, and resources can’t be allocated to DevOps in ideal ways. “This shift in ownership and role definition will make everyone’s lives easier,”
For more in-depth coverage of these ideas, visit Forbes.