Luno’s Post

Want to stand out on your next DevSecOps job application? 🚀 Jackson Ayers and Chase Valentine are sharing our Talent Acquisition Team’s top 3 tips to help you become a stronger candidate. ✨ Discover more resources for government technology professionals here: https://lnkd.in/eNjdcqkR 💼🔍 #DevSecOps

𝐂𝐫𝐚𝐟𝐭𝐢𝐧𝐠 𝐂𝐨𝐦𝐩𝐞𝐥𝐥𝐢𝐧𝐠 𝐉𝐨𝐛 𝐃𝐞𝐬𝐜𝐫𝐢𝐩𝐭𝐢𝐨𝐧𝐬 𝐟𝐨𝐫 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐑𝐨𝐥𝐞𝐬 🛡️ In the evolving landscape of IT security, crafting a compelling job description is key to attracting the right DevSecOps talent. Here’s how to structure your job descriptions to catch the eye of top professionals: 𝐂𝐥𝐞𝐚𝐫 𝐑𝐨𝐥𝐞 𝐃𝐞𝐟𝐢𝐧𝐢𝐭𝐢𝐨𝐧: Specify the responsibilities and expectations for the DevSecOps roles clearly. This helps candidates understand the scope of the role and self-assess their fit. Define what distinguishes a DevSecOps engineer from other roles, emphasizing the blend of development, security, and operations skills. 𝐒𝐤𝐢𝐥𝐥𝐬 𝐚𝐧𝐝 𝐐𝐮𝐚𝐥𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬: Detail the necessary technical skills and certifications. Highlight the importance of experience with automation tools, security protocols, cloud services, and coding languages. Be specific about the skills that are essential versus those that are nice to have, helping candidates gauge their eligibility more effectively. 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐚𝐧𝐝 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 𝐀𝐰𝐚𝐫𝐞𝐧𝐞𝐬𝐬: Since DevSecOps roles involve critical security responsibilities, emphasize the need for a strong understanding of compliance frameworks and security best practices. This underscores the role’s importance in maintaining the integrity and security of IT systems. 𝐂𝐮𝐥𝐭𝐮𝐫𝐚𝐥 𝐅𝐢𝐭 𝐚𝐧𝐝 𝐒𝐨𝐟𝐭 𝐒𝐤𝐢𝐥𝐥𝐬: Apart from technical skills, mention the soft skills and cultural attributes that would make a candidate successful in your environment. DevSecOps roles require great communication and teamwork, as they will interact with multiple departments to integrate security throughout the development process. A well-crafted job description not only attracts qualified candidates but also sets the stage for their success in your organization. ________________________________ Looking for assistance in attracting top DevSecOps talent or crafting your next job description? Let's connect! 📨 Email: jennifer.delany@eselectconsulting.com 📞 Phone: +1 (727) 761-8817 #DevSecOps #ITRecruitment #JobDescription #CyberSecurity #TechTalent

Good opportunity

#crowdstrike I've just posted this in another thread because it needs to be said and digested. It's too easy to blame an end employee when a companies executive team are actually the ones accountable - it is their failure. Don't blame it just on an engineer deploying an update - this is a systematic and repeated f*ck up from crowdstrike they also did it to linux last month. -> Peer review person -> Team leads -> Test team -> Change controls - change managers, approval managers -> Product managers -> Mid managers - Service delivery, Business unit manager -> Senior managers -> Governance, risk, compliance team all responsible. Accountability sits with CEO. The engineer does not run the company. Let's start getting this right - Telstra etc threw their engineer under a bus when there was an outage from a change - don't be like them. Start putting the blame where it lies. Companies that f*ck up like his have systematic problems - the executive is accountable. Get it right.

In my experience most of the customer facing security leaders (irrespetivce of their title CISO, Advisory CISO, Field CISO) lose their job within the first year or have terrible job satisfaction, as there is huge expectation mismatch and this article is an attempt to take the grey out. Made some more changes to it based on feedback as well. As a CISO for a SaaS company, one does have to help in pre-sales meeting if the customer is big enough and there are security questions that need to be answered or maybe the CISO on the other side needs reassurance from a peer. The success metrics portion of the document is an attempt to quantify the responsibilities to dispel the notion that a customer facing CISO does not do any work, has no ownership, accountability or responsibilities. Being on the road 24 plus times of the year away from your family, telling a company's story effectively while helping with product apart from other things is no joke.

DevSecOps

Cybersecurity: DevSecOps