By C. Aaron Cois
Software Engineering Team Lead
CERT Cyber Security Solutions Directorate
This post is the latest in a series for organizations implementing DevOps.
A DevOps approach
must be specifically tailored to an organization, team, and project to
reflect the business needs of the organization and the goals of the
Software developers focus on topics such as programming, architecture,
and implementation of product features. The operations team, conversely,
focuses on hosting, deployment, and system sustainment. All
professionals naturally consider their area of expertise first and
foremost when discussing a topic. For example, when discussing a new
feature, a developer may first think "How can I implement that in the
existing code base?" whereas an operations engineer may initially
consider "How could that affect the load on our servers?"
When an organization places operations engineers on a project team
alongside developers, it ensures that both perspectives will equally
influence the final product. This is a cultural declaration that in
addition to dev-centric attributes (such as features, performance, and
reusability), ops-centric quality attributes (such as deployability and maintainability) will be high priority.
Likewise, if an organization wants security to be a first-class quality
attribute, a team member with primary expertise in information security
should be devoted to the project team.
Every Thursday, the SEI Blog will publish a new blog post that will
offer guidelines and practical advice to organizations seeking to adopt
We welcome your feedback on this series as well as suggestions for
future content. Please leave feedback in the comments section below.