Devsecops Interview

Let’s begin you career in DevSecOps | An Exclusive Interview with DevSecOps Certified Expert – Andreas Horn

The term DevSecOps stands for development, security, and operations terms and it refers to a development practice that incorporates security initiatives at each stage of the software development lifecycle for the delivery of the robust and secure applications.

The integration of the application and infrastructure security can be made easily with the Agile and DevOps tools and techniques after the advent of the DevSecOps.  Whenever the security concerns emerge, the DevSecOps found to be simpler, easier and less expensive to fix. 

Why do you need to have a career in DevSecOps Certification?

As discussed earlier, advancements made in the IT industry and it significantly makes it easier to incorporate DevOps methods into app design but this kind of innovation does not attain its peak due to the advent of various compliance monitoring and security tools.

DevSecOps can transform security of the application and infrastructure from being primary security silos into shared responsibility of security, development and IT operations teams. It is made possible to release the software sooner as well as safer by the automation of the secured software supply without causing delays in the software development cycle after the usage of DevSecOps.

As a result, various rapid application techniques tend to stack back by the inappropriate security measures. When this kind of situation emerges, then what’s the usage of incorporation of DevOps methodology?

To get answers for those questions, Whizlabs interviewed the DevSecOps certified professional, Andreas Horn who has 8+ years of working in  all aspects of the IT service business, including strategy, sales, financial management, planning, technical development, operations, and delivery management. We seek his guidance to learn more about DevSecOps as a subject and a profession and also his career trajectory in as DevSecOps.

During the discussion, he discussed a lot more about his journey in DevSecOps, its certification path, skills required, preparation tips and so on. 

Read ahead to know more about what he discussed with us and how to succeed in your career in DevSecOps.

What is DevSecOps?

DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications. 

Can you describe your experience working with DevSecOps, how you got into this field?

I started to work at IBM Consulting as an IT Consultant and switched early in my career into a project, where we used a lot of DevSecOps related practices. 

First I started in a more agile role and later I switched over to engineering roles. How do you prioritize security within the development process? 

Building secure networks and applications is the number one priority and plays a key role in the whole lifecycle. From developing, testing, to the deployment. All employees get special training every year when it comes to the latest security aspects and features to consider. On top we have in our team security experts which help us to apply security frameworks etc. 

Can you provide an example of a time when you had to balance the needs of development and security?

 My philosophy is that development and security need to go hand in hand. 

How do you stay up to date on the latest security threats and trends? 

We have a threat detection center which gives out critical information when they occur. Moreover, I read daily news websites to understand if there are new vulnerabilities etc. (e.g. https://www.heise.de/)

Can you discuss the role of automation in your DevSecOps work? 

We try to automate as much as possible, with pipelines for example or IaaS. This helps against security issues but also increases productivity and efficiency. 

Can you describe a specific challenge you faced while implementing DevSecOps, and how you overcame it?

I see DevSecOps as a way to overcome challenges in general. DevSecOps is a toolbox of different ways to mitigate challenges. 

Is it beneficial for small companies to adopt DevSecOps practices?

 100%, Everybody can benefit from it. Agile Management for example is even used in the smallest companies of our planet. 

Can you give a example what happens if DevSecOps is not managed properly

Not sure if I understand the question. If something is not managed well, it will lead to problems. It does not matter if it is a DSO or not. 

What certification do I need for DevsecOps to start a career in DevsecOps? 

Practical experience is more important than any certification. There are many DSO roles. You want to be an agile coach (get a Scrum certificate), you want to be an architect (get hyper scale certification), you want to be an engineer (learn coding and do GitOps, Dev certifications) etc.

Summary

In our intensive interview, Andreas Horn furnished a lot of information regarding the DevSecOps, benefits of DevSecOps, certification path in DevSecOps, preparation strategy, and so much more. It might helpful in enhance your skills and knowledge in the DevOps Career.

Whizlabs furnish various study resources, practice tests and preparation guides and you can utilize it to know more information on DevOps. If you have any doubts in this blog, please feel free to comment us!

 

About Pavan Gumaste

Pavan Rao is a programmer / Developer by Profession and Cloud Computing Professional by choice with in-depth knowledge in AWS, Azure, Google Cloud Platform. He helps the organisation figure out what to build, ensure successful delivery, and incorporate user learning to improve the strategy and product further.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top