This week at DevOps Days Austin there was some discussion of the NoOps controversy. But Dell employee and Kanban2Go creator Prabhakar Gopalan probably summed up the attendees’ collective attitude pretty well: send all that noise to dev/null. Analysts get paid to talk about that stuff, but developers and sysadmins don’t. The technical people just want to do their jobs. Instead of NoOps, I saw three big themes discussed in the presentations and in the back channel.
All devs need security training. These #devopsdays talks are opening my eyes.
— Scott Baldwin (@scottsbaldwin) April 3, 2012
I already touched on security in my write-up of James Turnbull’s presentation on DevOps and security on Monday. There were two more talks on the subject on Tuesday: one by Etsy’s Nick Galbreath and a short one by National Instruments’s James Wickett. Wickett published his notes on Galbreath’s notes here. Wickett has posted his slides here. Earlier this year Gartner published a report titled DevOpsSec: Creating the Agile Triangle that raises many of the same issues.
I’ve always thought of security as being a part of both dev (AppSec) and ops (ITsec), but the presenters make the case that security should be a bigger concern earlier in the development process (something I’ve also written about), and they also note the need for clear lines of responsibility regarding security (while making clear that “accountability” shouldn’t mean “finger pointing”).
It’s the logical next evolution: from agile development to DevOps to “DevOpsSec.” Wickett, on the other hand, proposed a different idea: rugged, as opposed to “secure,” DevOps:
Wickett gave CloudFlare’s weathering of the LulzSec storm as an example of ruggedization: the whole CloudFlare service gained unexpected benefits from having to stand up to massive attacks from LulzSec’s enemies.
Generalism vs. Specialization
“DevOps is a response to overspecialization” #DevOpsDays
— David (@mortman) April 2, 2012
Generalism in IT doesn’t have to mean system administrators writing applications or developers managing all their own infrastructure, but there’s a growing need for cross-functional roles. Security is the obvious area for overlap. Knewton Head of Systems Dave Zwieback summed up some of the ways that generalization can occur in his talk:
You can find the rest of Zwieback’s slides here.
I’d also suggest the idea of T-shaped skills as an alternative to, or at least an intermediate step towards, generalism.
who’s hiring? all hands up. who needs a job? no hands. No recession in DevOps world. #devopsdays
— James Wickett (@wickett) April 2, 2012
Why would Etsy, a company that acts as a middleman for people selling hand crafted goods, sponsor a tech conference? Maybe out of the goodness of their hearts. Maybe because they recognize the value their technical staff get out of attending such conferences and want those conferences to continue. Or maybe it’s because they want to recruit.
The DevOps jobs theme is closely related to the generalism theme. It can be hard enough to hire developers, let alone developers with the right mix of skills. Meanwhile demand for people with Puppet skills continues to trend upwards and the number of jobs for people with Chef skills is comparable, indicating that the demand for DevOps people is high.
Offering more training is one way to meet these staffing needs. Also, employers are going to have to consider whether they’re asking for too much in terms of cross-functional ability and whether they’re trying to consolidate too many roles. It may wind up being cheaper to hire two or three people who do the job right than just one person who does it wrong.