As you look at candidates for your DevOps teams, it’s critical to find developers who exhibit qualities of a full spectrum engineer – generalists who can do it all. You need people who will add velocity and not be dependent on others to complete their work.

It’s likely that you will not find someone who has every skill you need, so look to find people with the potential to grow and learn at speed. Here are three essential traits that you should look for in a potential full spectrum engineer.

1. An open mindset. Someone with and open mindset will know and believe that they can learn anything through study and trial-and-error. They will not shy away from new challenges that can help them move into new disciplines. They will be energized by the thought that they are responsible for the whole smash. They thrive in small, fast-paced teams.

A person with a closed mindset will believe that if they don’t already possess a certain skill then they are not capable of doing it. They will be more likely to want new disciplines to be someone else’s job. They will be more comfortable on larger teams where work is shared among the entire team.

2. Lifelong learner. When I’m interviewing a candidate, I am always on the lookout for someone that loves to learn. Ask questions like: What did you learn in the last week/month/year? What are you curious about? How do you satisfy your curiosity?

Self-motivated learning is essential to a full spectrum engineer. Ask them about recent challenges that they faced on the job. How did they conquer them? What about hobbies? What people, especially engineers, do outside of work can be indicative of their motivations to learn.

3. Serious about security. Finding a developer trained in cybersecurity is like finding a needle in a haystack. Instead, look for developers with an interest in security. Do they like to hack or reverse engineer devices, code, and systems? Have they ever participated in a bug bounty program or found a vulnerability? Do they follow security news and thought leaders? Do they participate in hacker culture, watching shows like “Mr. Robot” and attending hackathons?

FSEs with an interest in security should be leaders driving the security message in their teams – they can become your security champions. Security champions reduce culture conflict between development and security, help other developers by performing code reviews, and act as the security conscience of the team. They hold feet to the fire to make security a priority during planning and pre-production. Developers often see security  as a gate, but full spectrum engineers help build security into the development process, reducing the chance of problems that require rework and slow down releases.

Not Everyone is a Full Spectrum Engineer – And That’s OK

Is there still a need for experts and specialists? Absolutely! While I am eager to tell you that software developers today all need to be generalists, it does not mean that we should get rid of our specialists. What it does mean is that we will need less of them.

Generalists will be able to do an excellent job at 90+ percent of the work you ask of them. In those margins it is still possible for them to write bad SQL queries or create security vulnerabilities that they do not understand how to remediate. This is why you need people who can adapt and improve, to soak up the wealth of knowledge to become more capable every day. In addition, it is great to spread the wealth of knowledge from specialist to generalist such that your generalists become more capable every day.

A good model for this is guilds. Think of a guild as a group of people with interest in a common discipline such as security, testing or deployment. The group would be chaired by one of your specialists. They would hold regular meetings that would be open to general participation by the company. Guilds might offer special training or perhaps discuss an issue or obstacle faced by one or more team members. This shared learning outlet will build each person’s skillset across multiple disciplines.

While it is not the normal mold for a software engineer today, the skills and capabilities of a full spectrum engineer are the future of software development. DevOps has smashed the velocity barrier, but reaching the full potential of DevOps will require a new breed of multi-disciplined generalists – the full spectrum engineer.

You can read the rest of my blog series on full spectrum engineers here:

- Get Ready for the Full Spectrum Engineer

- 5 Things Developers Need to Thrive as a Full Spectrum Engineer

As Director of Developer Engagement, Pete provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than 10 years of direct AppSec experience as both a developer and development leader, Pete provides information on best practices amassed from working with Veracode’s 1,000+ customers. Pete joined Veracode in 2006 as a platform developer and was instrumental in delivering the first version of Veracode’s service to customers. Later, as Director of Platform Engineering, Pete managed the Agile teams responsible for delivering Veracode’s SaaS platform and built the first DevOps team.  Pete also spearheaded Veracode’s initiative to automate the use of Veracode products into the company’s development processes. Using this experience, he has spoken with hundreds of Veracode customers to help them set up similar programs. Pete has more than 25 years’ experience developing software and has been developing web applications since 1996, including one of the first applications to be delivered through a web interface. 

Comments (0)

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu