Dev vs Sec – Who's Responsible For The Ops?

Luis Guzmán
February 20, 2023
Dev vs Sec – Who's Responsible For The Ops?

The rapid shift to digital and the scramble to fix security issues in this increasingly dynamic world have escalated the friction between developers and security teams at many organizations. 

To maintain a secure and stable environment, security leaders must start taking the right steps to reduce this friction and avoid a significant negative impact on development efficiency and business success.

Our second episode of Let’s Talk AppSecOps Season 1 explores the sometimes rocky relationship between Dev and Sec teams, and discuss practical solutions for improving collaboration between them. 

The #1 gray area in AppSecOps

The State of AppSecOps 2022 report discovered that eliminating developer friction is one of the three biggest priorities for security leaders. Unfortunately, a major contributing factor to this increasing friction is the frequent back-and-forth of security-related tasks—especially when it comes to infrastructure-as-code. 

“Our security teams are focused on managing and mitigating business risks, while development teams are focused on delivering as much functionality to the market as possible. These two aspects don’t necessarily mesh every time, and create friction,” says Mark.

The result? Development and security professionals are always pointing fingers, as they struggle to determine who is responsible for ensuring the security of the infrastructure.

Taking a step towards the solution

To overcome this friction and promote collaboration between security and development teams, security leaders must take a different approach. 

Enter the security liaison

Converting security teams into coaches, or starting a security liaison program, can be a great first step. A security champion or liaison can educate developers on why security affects the project, explain security best practices, and more, to help them avoid common errors while writing code.

The focus also needs to be on “more carrot, less stick” tactics, such as incentivizing opportunities for the development team to work in a more secure, motivated manner. For instance, this could be through recognition for those who have taken proactive steps to improve the security of their code, or by offering training and education programs to help developers better understand security concerns.

Understanding developer hardships

Moreover, security leaders need to better understand the expectations and environments that their developers face. This requires a deep understanding of the development process and the tools and technologies used by the development team. By better understanding the systems with which developers work, security teams can better align to their workflows and tooling, which can greatly reduce friction.

For example, security leaders should be aware of the challenges faced by developers in terms of time constraints and limited resources, and they should be able to provide solutions that help mitigate these challenges.

Conclusion

Zero developer friction is the secret sauce to a productive and efficient working environment in cybersecurity. However, it isn’t an easy route, and requires a combination of communication, collaboration, and the use of the right tools and technologies. 

By taking the time to understand what the development team needs, and finding ways to minimize friction points, security leaders can create an enjoyable and productive experience for both dev and sec professionals.

Learn more about how to reduce developer friction by watching episode 2 of Let’s Talk AppSecOps.

Luis Guzmán
Luis Guzmán
Senior Solutions Engineer
February 20, 2023
Luis Guzmán
February 20, 2023
Subscribe for Updates
RSS Feed Logo
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.