Micro Focus is now part of OpenText. Learn more >

You are here

You are here

3 best practices of the DevSecOps elite

DJ Schleen Senior Manager, Software Security , Rally Health

Not everyone was grumpy this spring after several weeks on lockdown. In fact, some developers were quite happy. What did the happy ones have in common? As it turns out, many of them engage in several common best DevSecOps practices, according to this year's DevSecOps Community Survey.

Also, it turns out that happy developers are found in mature DevSecOps practices. And this matters, a lot, said Derek Weeks, co-founder of All Day DevOps and vice president at Sonatype, the survey's sponsor

"Last year, the survey drew clear distinctions between elite DevSecOps practices and immature practices. This year our focus expanded into employee engagement and satisfaction, and its impact on software security."
Derek Weeks

Here are three best practices from the front lines of DevSecOps.

Engaged developers are happiest—and build more securely

This year's DevOps Community Survey, the seventh annual, brought happiness into focus, demonstrating that happy developers are more engaged at work. Some 92% of developers in mature DevOps practices agreed with the statement "I am satisfied with my job," a rate 1.5 times more than survey participants in less mature practices.

For years, DORA’s State of DevOps Report has shown similar findings, where DevOps practitioners are most satisfied with their jobs and their businesses are more successful.

Outside of DevOps transformations, it has long been known that workplaces with high numbers of happy, engaged employees are the most successful. A 2019 Gallup survey shows that companies with engaged employees are 21% more profitable than their counterparts.

Happiness affects security, too. According to the survey, happy developers are 3.6 times more likely to pay attention to security. Those who receive security training are 5 times more likely to enjoy their work.

Mature practices are 3.8 times less likely to rely on a rumor when it comes to security incidents. Instead, these happy developers focus on empirical evidence from better-integrated tooling and from security teams.

Best practices of happy developers

The 2020 survey shares many insights into DevSecOps practices, training, and culture, but here are some specific best practices companies can take to increase developer happiness.

Build a security champions team 

Happy developers work in places with more mature DevSecOps practices. So actively participate in the transformation, because ultimately it will make your day-to-day work more efficient and enjoyable. As the folks at the Harvard Business Review remind us, "to get people to change, make change easier."

To create a champion program, nominate one person from each team. Invite everyone, but have these members be the champions for learning security. Host it once a month and supplement it with security training sessions.

You may find that the team produces more, and does so more effectively, if you keep the gatherings informal. Resist the urge to label roles or reinforce hierarchy, and see what happens. People are likely to surprise you, in a good way.

Invest in automated tooling

Automation helps you produce more secure software, faster. The DevSecOps Community Survey showed that mature DevOps teams integrate automated security tools almost twice as often (1.8 times) as immature development teams.

A simple way to introduce automation is by using browser tools that put information right where you need it.

Experiment with automation tools. It may take a few tries to find the ones that work best for your particular project or style of working. Some tools may have learning curves, so be patient. When you find the right tools and come to trust them, they reduce your workload and your stress levels. 

Communicate calmly and with candor

Building secure software isn't just about finding the right coding language. It's also about refining and improving your communication skills, in all the languages you speak.

Team dynamics are the basis of a good work culture. Be sure to consider how communication can enhance a workplace experience and improve workplace outcomes.

Stick to the basics: Be prompt, be professional, and be considerate. Everyone has a lot to manage these days, so an extra dose of kindness never hurts, either. 

Find out more

The best practices of happy developers track closely with their workplace environments. To learn more, attend my session at the Agile + DevOps Virtual conference, which is being held June 8-11, 2020. And download the seventh annual DevSecOps Community Survey, which goes into greater detail about the influence of happiness on developer behavior and business outcomes.

Keep learning

Read more articles about: App Dev & TestingDevOps