Last week, Peter Schroeter and Ryan Collins, head of DevSecOps at Upvest, and co-founder of RapidGroup, discussed how to keep Data secure while working flexibly.
Ryan brings to the table 12 years of experience from Server Administrator to CTO roles as well as experience as a Contractor. And as a business owner himself, he sees where the shortage falls and perhaps a way to fill the gap.
Security is in the Spotlight
Security is a priority for many businesses today. Avoiding negative PR has caused an internal shift in which companies take more care with their Data.
There is also a Catch-22. In order to provide higher levels of security, businesses are slowing down their developers and software engineers, and taking more engineering time which in turn costs more money. Security before cost is becoming the new reality.
The contradiction of deployment, project run time, and budgets are only part of the bigger picture. Compromise is key and follow these three tenets.
- Don’t leave anything open to vulnerability.
- Focus on auditability.
- Offer more training for Software Engineers.
The Security-Focused Skills Gap
How can you push security forward in a meaningful way when you can’t find the people you need with relevant experience?
There’s a big gap in the market right now for security-oriented DevOps engineers. The skillsets many businesses are looking for include:
- Google Platform AWS and possibly Azure with a modern suite of tools with Teraform.
- Ability to float to the development side and work in SRE to ensure things are stable and scalable.
- DevOps Engineers with experience in the GO stack are especially hard to find.
Companies want to go with what they know. However, there is a shift toward a more remote-friendly and contractor culture. When you can’t find the talent you need, sometimes it’s best to bite the bullet, and consider a Contractor.
The Case to Hire a Contractor
If this year has taught us anything, it’s that we don’t have to be confined to an office or to even one location. And yes, while there is an element of risk to being a Contractor, there are benefits to both sides.
Contractors are compensated higher because businesses have lower HR costs, less tax regulations, payroll, and reporting to do.
Though there is some risk, there is always work for because so many companies want to secure their data. There’s always something to be optimised, always something which needs attention. You won’t be without work for long, if you have the skills.
Disconnect Between Capability and Desire in the Market
Some candidates have mentioned they have 60% of the skills required, but not enough project-based experience. How do you reconcile the disconnect?
It’s hard to specialise in DevOps, DevSecOps, and similar roles because it’s about automation, you have to be that "Swiss Army Knife", you have to live in the middle. You have to know how to get into the code, you have to know how to get in and do the CI workflows, etc. It’s almost Developer plus value-added skills or security engineer plus value-added skills.
Remote Working Habits You Need Now
- Have a separated space set up for work.
- If you have a mix of people in office and those working remote, you have to make sure they’re communicating with each other.
- Rolling coffee breaks within Google Meet or something similar.
- Have a task management and time tracking system used by employees both on and offline.
- Build culture by picking at random two people and putting them together for a half hour to have a conversation that isn’t about work.
Startup vs Legacy Hiring
Don’t box yourself in, but understand startups have a unique set of skills they need and most often without the budget to train someone. Whereas legacy businesses more often than not have the budget to train someone in the skillset they need. However, it’s important to note, the tech stack itself doesn’t really change.
Best Practices for Async-Comm Teams
Remember not everyone works in the same time zone. Don’t expect and immediate answer, and if you need an immediate answer, pick up the phone.
Make sure your team has remote tools such as Slack or Google Meet and is doing most of their communication this way, even if they are in an office. If you don’t, your remote workers could be missing key information.
The Future of DevOps and Data Security
Many businesses may see a shift toward a more open working environment which is a good balance for what works best for talent and is good for productivity as well. Ultimately, we’re all solving the same challenges
What is most important when it comes to keeping Data secure?
Most important is getting people, systems, and education in place to do something in the first place. In other words, build from concept rather than moving too fast and breaking too many things.
How Can Prospective Candidates Prepare?
Focus on continuous learning and getting your skillsets like automation tools. If you really want to get involved with security side and SRE, you really have to get involved with the development side, too. Using the modern tech stacks like the GOLANG, the RUST, the SWIFT on the mobile side, and there’s always new pieces to the puzzle.There’s room for all types of relationships.
Whether you’re looking for a long-term role, a short-term role, or something in between, DevOps is a never-ending project, so continuous learning is key for both candidate and company.
You can watch the full conversation below: