How a DevOps Recruiter Hires for Containers and Serverless

A Q&A With Michael Race, Head of DevOps, Salt Digital Recruitment

When it comes to hiring for DevOps, there’s much to consider, especially if you’re looking for someone to manage containers and serverless infrastructure. There’s no doubt that it’s a talent-driven market — DevOps professionals are in demand.

In this competitive environment, how do you make the right choice about who to hire? According to Michael Race, Head of DevOps at Salt Digital Recruitment, patience is a must. But even if you’ve got time on your side, you still want to make hires that prioritize security, can advocate for tools and methodology, and have experience creating DevOps environments.

We sat down with Michael recently to get his perspective on hiring for containers and serverless. Michael — who’s helped dozens of companies fill DevOps roles — shared his thoughts on where security fits in, what he likes to see in a candidate, as well as red flags that may crop up. Read more “How a DevOps Recruiter Hires for Containers and Serverless”

Magic for DevOps Teams — Threat Stack Announces Containerized Agent

Every day, malicious actors are taking more complex routes into cloud infrastructure and leveraging increasingly covert traits to persist for longer periods of time. As Dark Reading put it in a recent article, “Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.” With the rapid adoption of containers and orchestration tools as part of that infrastructure, organizations are presented with yet another layer to protect from these complex attacks.

Containers bring many advantages to DevOps such as easier write-test-deploy cycles, flexibility to explore new frameworks, and a simpler way to make updates to individual resources or a range of components in your applications. As more teams move towards containerized workloads, DevOps teams expect the security tools they leverage to keep pace without slowing them down.

To ensure alignment with those expectations, Threat Stack is excited to announce a containerized agent that will be available to customers next month. The containerized agent will provide the deployment and velocity benefits of containerization while concurrently monitoring and alerting on container activity across the entire infrastructure, no matter where customers fall on the container adoption spectrum. Read more “Magic for DevOps Teams — Threat Stack Announces Containerized Agent”

Lessons in Resilience: A Conversation on Security at REdeploy 2018

I spent last week out in San Francisco at REdeploy to learn about Resilience Engineering and what it means to build solid, sustainable infrastructures, organizations, and teams. This was the first conference of its type, and it did not disappoint.

While there was an incredible lineup of speakers, the real value, in my opinion, came from the engagement and discussions that took place after the on-stage talks. Not only did the speakers and attendees mingle at every break, but the conference organizers also hosted a speaker panel at the end of each day where attendees could ask questions, and the speakers themselves could discuss some of the themes presented throughout the day. I eagerly took advantage and sat down with a few people to find out what Security means for Resilience Engineering. Read more “Lessons in Resilience: A Conversation on Security at REdeploy 2018”

Security Observability: Operationalizing Data in Complex, Distributed Systems

It’s 2018 — companies are using multiple cloud providers, shifting to microservices, moving monoliths into containers, or maybe even moving to a serverless-style architecture. And while these are the trendy things to do right now, are they right for the business today? Will they be right or wrong for the business tomorrow? Is what we’re doing too complex if the Next Big Thing comes along and you want to leverage it without having to complete a major lift-and-shift?

Regardless of the direction your company is moving in, change is a great opportunity to evaluate your security practices and consider how you can add observability to your operations. Read more “Security Observability: Operationalizing Data in Complex, Distributed Systems”

Why DevOps Needs Security During an Infrastructure Transition

The rising popularity of DevOps practices in cloud infrastructure environments has allowed software teams to release work more quickly and efficiently than ever before, but is security top of mind? Data included in a new Pathfinder Report from 451 Research would suggest not.

According to data included in “Refocusing Security Operations in the Cloud Era,” 36% of businesses said their top IT goal over the next year is to respond to business needs faster, while 24% said it is to cut costs. In comparison, only 10.5% prioritized improving security as their top goal, coming in dead last among the options listed.

The problem seems to stem from the misconception that speed and security are mutually exclusive, where DevOps views security as a business decelerator rather than the stabilizing force it is. Baking security into DevOps processes early on through SecOps best practices, which we’ll review below, is the only way to build long-term sustainable infrastructure that will support your products and team as they move into the future. Read more “Why DevOps Needs Security During an Infrastructure Transition”

24 DevOps Pros Reveal the Most Important Characteristic of a Successful DevOps Engineer

There’s no precisely defined career track for DevOps engineers because they’re typically developers or sysadmins who develop an interest in other aspects of operations — such as network operations, deployment, or coding and scripting. Yet with more companies turning to DevOps to deliver products and updates more rapidly, there’s a growing demand for these multi-faceted professionals, and they’re playing an ever-more prominent role in modern companies.

Without a clear-cut career track to lead to a role as a DevOps engineer, companies hire and promote these professionals based on past experience and skillsets. But what characteristics are most important to ensure success as a DevOps engineer? To gain some insight into the skills, talents, and traits that today’s top DevOps engineers need in order to succeed, we reached out to a panel of DevOps pros and engineers and asked them to answer this question:

“What is the most important characteristic of a successful DevOps engineer?”

Read more “24 DevOps Pros Reveal the Most Important Characteristic of a Successful DevOps Engineer”

GDPR: What Compliance Says vs. What DevOps Hears

The deadline for the General Data Protection Regulation (GDPR) is fast approaching, with May 25 marking the official day of reckoning. The updates to the data protection directive of 1995 (Directive 95/46/EC) are designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy rights, and to reshape the way organizations across the EU approach data privacy.

There’s a likelihood that Compliance has approached your DevOps team to get on board. But when Compliance talks, what do you hear? Are you truly understanding what’s required of you to become GDPR compliant? Let’s take a look at some of the possible gaps in knowledge below. Read more “GDPR: What Compliance Says vs. What DevOps Hears”

SLDC, SOC 2, and Other Four Letter Words

Developers gonna develop. That’s why we’re developers. We want to set some implementation goal and then make that a reality. We like to stay heads down and focus on the immediate task at hand. Unfortunately, this can sometimes cause collateral damage. Secondary objectives can get ignored or even trampled in the race to meet the primary target. It’s also likely that other promising developments will get missed as they fall off the main path. Dealing with these issues is one of the many functions of compliance regulations.
Read more “SLDC, SOC 2, and Other Four Letter Words”

20 Dev Leaders and Hiring Managers Reveal Their Favorite DevOps Interview Questions

We champion a security-first DevOps culture at Threat Stack, and I’ve had the opportunity of building DevOps best practices into the company since its earliest days. In our experience, this is the best way of simultaneously reducing risk and achieving peak operational efficiency.

Getting the right players on your DevOps team is crucial to this goal, of course. But how do you filter out the star players from the mediocre? Beyond a careful analysis of a candidate’s background and experience, asking the right interview questions can reveal valuable insights that make it possible to find the ideal candidate to complement your existing team’s skill sets and personalities.

To find out what questions today’s dev leaders turn to during interviews for these all-important insights, we reached out to a panel of hiring managers and dev team leaders and asked them to answer this question:

“What’s your favorite DevOps interview question (and why)?”

Read more “20 Dev Leaders and Hiring Managers Reveal Their Favorite DevOps Interview Questions”

DevOpsDays Austin Recap: Getting Back to Basics

What’s old was new again at DevOpsDays Austin last week, with the 7th annual conference featuring fewer attendees, the elimination of sponsor tables, and a format that put the focus back on knowledge-sharing and human interaction. Running May 3–4 at the Darrell K. Royal-Texas Memorial Stadium, the conference was an interesting exercise in returning to the roots of DevOpsDays, and the payoff was quality presentations and conversations. Read on for a few of the highlights. Read more “DevOpsDays Austin Recap: Getting Back to Basics”