Micro Focus is now part of OpenText. Learn more >

You are here

You are here

5 ways software teams can fast-track DevSecOps training

public://pictures/Robert-Lemos-Technology-Journalist-Lemos-Associates.jpg
Rob Lemos Writer and analyst
 

New hires are almost never a perfect fit. Developers coming straight out of universities and colleges often do not have experience in DevOps, secure coding, or working as a member of a large development group.

Most software makers have developed ways of integrating programmers into their teams as quickly as possible. Game maker Ubisoft, for example, has created an entire pathway to train new hires in its development process and to teach them the necessary skills to become part of a DevOps team. 

Security is a key component of the path that every developer takes, and interested employees can specialize in application security and work with the security team to develop application tests or anti-cheating technology, said Pierre Romagne, IT service director at Ubisoft.

"We believe in individualized needs and learning styles," Romagne said. "With that in mind, depending on what the technical development areas are—ranging from junior to senior developers—we created an internal training program to help developers continue to grow in their professional skill set."

Companies continue to complain about college graduates' lack of practical development expertise. Yet even veteran programmers may be novices when it comes to DevOps, so development groups that are focused on agile programming might not be able to find developers with the necessary expertise.

Here are five ways companies can quickly teach new hires their approach to development and application security.

1. Develop a goal-oriented approach

Ubisoft's approach has been to create a development program that gamifies the learning experience for developers. Programmers can earn badges and other rewards while learning DevOps and application security topics.

The topics vary depending on how far a developer has advanced. A junior developer would receive technical training aimed at improving weak skills and teaching multiple programming languages and development practices, such as agile methodology, design patterns, and security. More advanced developers would likely focus on specialized topics such as graphics, artificial intelligence, or security.

This is also a way for us to measure their level and acquired competencies, Romagne said.

"Security is part of every path and can also branch out into a specialization with opportunities in our security team responsible for developing pen test or anti-cheat solutions."
Pierre Romagne

2. Build pipelines to teach skills early

Another parallel approach is to teach students more about DevOps tools and develop a pipeline of more skilled programmers. GitLab, a maker of DevOps tools and services, has adopted this approach, granting free licenses to educational institutions to spur greater adoption. The initiative has had some early success. Nearly three-quarters—73%—of students and staff actively use GitLab, GitHub, or another service for source code management in their development pipeline, the company found in a recent study.

Security, however, continues to be avoided by many. Nearly half—46%—of developers in schools do not use the tools for security testing—the "secure" step in GitLab's pipeline—and 51% do not use the defensive features.

While students may not have a significant amount of depth in any one stage, we hope for that exposure across the different stages, said Christina Hupy, senior education program manager at GitLab.

"What we are finding are security skills and defend skills are taught less in traditional higher education."
Christina Hupy

3. Assign a mentor

To give every new developer a first point-of-contact, Ubisoft assigns a buddy. While not a mentor per se, the buddy developer is expected to answer questions about the development environment, the process, the pipeline, and where to go for additional information. New developers' buddies also teach them some core communications and teamwork skills that many college students and solo developers typically do not have.

New graduates just need to be mindful of the importance of documenting their work and establishing processes for colleagues that may be in a different country but collaborating on the same project, how to participate in code review, and how to share your feedback to colleagues, Ubisoft's Romagne said.

"This is why we leverage our internship program to help students before their graduation to get ready for their first job, in a meaningful way."
—Pierre Romagne

4. Use bootcamps and professional certifications where needed

GitLab has a professional development organization to teach other companies' developers DevOps skills and working in a software development pipeline.

Cybersecurity is one of those skills that you would add on with a more professional training program, GitLab's Hupy said.

"One of the problems is, previously, DevOps consisted of all these different tools, so there is a general lack of awareness among developers of how to use the tool sets to secure code."
—Christina Hupy

Ubisoft has also pursued career development and professional training for its developers, Romagne said.

The company has a strong belief in the ongoing development of its engineers, and it tries to provide them with custom training programs—allowing the company to focus on specific areas such as secure coding, "while also having the long-term perspective and career growth for our teams," Romagne said. He added that the company has partnered with schools such as Operation Spark and has a new partnership with Simplon to design scholarship programs and workforce pipelines for young talents to join Ubisoft with the foundational required skills.

5. Develop soft skills quickly

Students often work alone, or in small groups, and usually do not have to write code for future developers to understand and use. As such, communication, documentation, and other soft skills are not given much import.

Companies have to change that, said Ubisoft's Romagne.

"As part of our DevOps journey, we measure our developers’ maturity through different criteria, both people- and tech-oriented. Collaborative skills are at the top of that list. We want our developers to not only be able to write good, high-performing, production-ready code, but also to foster collaboration between others on the DevOps and business teams."
—Pierre Romagne

Think training for all

Whether recent graduates, independent programmers, or coders from non-agile companies, the fact is that most developers will need to be trained to be integrated into DevSecOps practices. By training them on important topics, such as good documentation and the use of security technologies, you are sure to have a team that can get its modern application security game on.

Keep learning

Read more articles about: SecurityApplication Security