If you’re a developer like me, you’ve probably had more than a few jobs over the years. In today’s business climate, developers are like 21st century mercenaries: pursued by company after company, enticed by hotter jobs, cooler projects and – of course – bigger salaries. Staying anywhere more than two years is unusual.

It’s a sellers’ market if you’re a developer. The market conditions are perfect for quick career advancement. On the other hand, several emerging factors lead me to believe that the days of developers having the upper hand over employers are nearing an end.

If you’ve started down the DevOps road, you’re already being required to expand your role to take on more responsibility than ever. As cybersecurity grows more necessary in the face of increased risk of breach and/or compliance attainment, security is part of the developer’s job, too. In software terms, secure coding skills are becoming a “non-functional” job requirement.

A developer’s job description has always been a fast-moving target. But the rise of DevOps and accelerated development cycles represents a paradigm shift from developers as specialists to development as multidisciplinary. With Agile replacing Waterfall as the go-to methodology, developers had to assume responsibility for the quality of the entire software development lifecycle. DevOps lumps even more responsibility onto the team and thus team members.

As speaker-writer-developer Jeff Knupp points out:

The increasing scope of responsibility of the "developer" (whether or not that term is even appropriate anymore is debatable) has given rise to a chimera-like job candidate: the "full-stack" developer. Such a developer is capable of doing the job of developer, QA team member, operations analyst, sysadmin, and DBA.

That’s not even the half of it: security is now being integrated into DevOps, expanding the developer’s responsibilities yet again. Up until now, a developer with secure coding skills was a nice-to-have. But in the near future, security will become a need-to-have due to continuous release cycles and compliance requirements.

Soon, the coders who have the best jobs with the highest salaries will be the ones with the most security knowledge. And if you don’t know how to code securely, you just won’t be in demand anymore.

How can you stay ahead of these trends, so you’re not left behind?

In a nutshell, developers need to constantly adapt and continue to learn new skills.

Of course, you need to stay current with an ever-growing list of languages and frameworks – not just PHP, ASP and Java; but Python, Clojure, Angular and Ruby; and even mobile platform languages like Android and iOS. You will probably want to get a certification in secure software development, such as CISSP.

Beyond baseline technical skills and certifications, developers are expected to be team players and understand organizational imperatives like project management, budgeting and other business skills that used to be the domain of the MBA.

There are “soft skills” that you’ll need to master to maneuver through organizational politics. And if you really want to take your career to the next level, you’ll want to become adept at managing others and mentoring less experienced developers. 

It’s clear that developers today must adopt an agile and flexible mental framework and constantly upgrade their toolkit with new skills and knowledge. You need to recognize emerging business trends and go with the flow. The only thing that’s constant is change.

Learn more about securing DevOps

Get started on your journey today. Check out the report, Putting Security Into DevOps, from analyst firm Securosis, to understand the changing requirements of DevOps and best practices for making security part of the continuous integration and continuous deployment process.

About Pete Chestna

As Director of Developer Engagement, Pete provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than 10 years of direct AppSec experience as both a developer and development leader, Pete provides information on best practices amassed from working with Veracode’s 1,000+ customers. Pete joined Veracode in 2006 as a platform developer and was instrumental in delivering the first version of Veracode’s service to customers. Later, as Director of Platform Engineering, Pete managed the Agile teams responsible for delivering Veracode’s SaaS platform and built the first DevOps team.  Pete also spearheaded Veracode’s initiative to automate the use of Veracode products into the company’s development processes. Using this experience, he has spoken with hundreds of Veracode customers to help them set up similar programs. Pete has more than 25 years’ experience developing software and has been developing web applications since 1996, including one of the first applications to be delivered through a web interface. 

Comments (0)

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.