SANS 2022 DevSecOps Survey
Create a culture to significantly improve your organization’s security posture.
Download Now >Share: 
Kiran Kamity, CEO of DeepFactor, recaps his experience at DeveloperWeek 2022.
Last week (Feb 7-9, 2022), DevNetwork hosted DeveloperWeek, the world’s largest developer and engineering conference series. As described in my blog, What You Can Expect at DeveloperWeek 2022 This Week, I was privileged enough to play a number of roles.
On Wednesday (2/9) afternoon, I joined DevNetwork Co-Founder, Jon Pasky, for a fireside chat on “The State of the Developer Industry,” alongside several esteemed colleagues who provided unique perspectives on the topic.
The panel included:
- Victoria van Roosmalen, CISO & DPO @ Coosto
- Bhawna Singh, SVP of Engineering @ Auth0
- Timothy Spann, Developer Advocate @ StreamNative
- Boydlee Pollentine, CTO @ MIT Group
With what is becoming a theme for 2022—check out this recent DeepFactor webinar with former-CISO, Jim Routh, for example—our discussion focused on the technology trends shaping the industry post-COVID, and the impact hiring and retaining talent can have on your plans for digital transformation. Obviously, as someone who launched DeepFactor from stealth during the COVID-19 pandemic, and is now growing the company during the “Great Resignation,” this topic is very much close to home! In a year that saw our company double in size, I was excited to share what I’ve learned.
The panel discussion was more or less driven by the following three open-ended questions:
- What does your team/company do?
- What are your top challenges today?
- What is one thing you can do to retain employees?
Continue reading to hear my thoughts on each of these questions.
What does your team/company do?
As described throughout our website, DeepFactor is a developer security platform that enables engineering teams to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance violations early in development and testing. More importantly—given the context of this conversation—DeepFactor enables developers to identify, prioritize, and remediate application risks.
According to this complimentary Forrester Report, Build A Developer Security Champions Program:
“In 2019, 29% of security decision-makers who reported that a lack of employees with the right security skills was among the biggest IT security challenges for their organization said that their firm needs people with skills and experience in application security. The expertise gap makes it more difficult to prioritize flaws, select the right application security tools, and reduce the time to remediate high priority issues.”
This is exactly the problem we’re hoping to address with DeepFactor—how can organizations break down the barrier between development and security to combat the increase in security flaws and the resulting extension of remediation times? Though security teams have started to adopt a wide-range of security tooling, without security-aware developers organizations will struggle to address issues in development, well-before shipping to production. With DevSecOps remaining a top objective for 2022, shipping secure applications will continue to be a marker of successful software companies.
What are your top challenges today?
Much of the discussion focused on the external challenges plaguing the hiring process, such as managing geographically distributed workers, retaining top talent, and hiring security-conscious engineers who want to deliver features quickly and securely.
There are a number of reasons, hiring, and even retaining, employees during and post-COVID has changed for most enterprises. For example, working from home is now the “new normal”, with commuting—and even traveling—being the exception. And this is often paired with demands for more flexible working hours, and a growing interest in part-time employment. However, for employers willing to navigate these challenges, there’s a massive pool of talent from which to recruit.
What is one thing you can do to retain employees?
Retaining talent has always been a challenge, but that is especially true in 2022. According to Forbes, in September 2021, “4.4 million Americans left their jobs,” highlighting a growing trend leading into the New Year. So, what can enterprises do to mitigate this trend and keep the company’s top contributors happy?
Well, as mentioned above, enterprises need to adapt to meet the demands of the evolving workforce—ranging from providing flexible work options (e.g. hours, geography, etc.) to fostering a positive and inclusive culture. And this starts with retaining employees who are passionate, welcoming, and intensely focused on sharing the company’s mission. In my opinion, assuming there is alignment on the underlying vision, the “Why does any of this matter?” and—more importantly— “Why come to work HERE today?” questions are much easier to answer … plus, who doesn’t want to avoid the Monday Morning Blues?
Thanks to Bhawna Singh, SVP of Engineering at Auth0, for her interesting comments in this area!
Lastly, one of the things we didn’t specifically cover during our discussion is the tangible impact hiring and retaining talent during “The Great Resignation” is having on enterprise and developer security. For example, as reported by SC Media, here are three really concerning data points:
- 71% of IT decision makers in the United States and United Kingdom said the Great Resignation has increased security risks at their companies
- Some 45% of respondents say incidents of data exfiltration have increased in the last year as people took data when they left their jobs, often to find better work-life balance or pursue another career.
- 40% of American employees say they had taken data with them when they left their old jobs.
This probably sounds dramatic, but these stats seemingly imply our ability to navigate the challenges around retention could be literally measured by tracking data security!
Closing Remarks
For DeepFactor, the continued transition to cloud native architectures is a perfect opportunity to understand, and possibly address, how these conversations are impacting development —especially application security. Whether you’re hiring to meet growing demands, or retaining talent to stabilize your current business, everyone needs to be thinking about security. And with supply chain attacks growing by more than 300% in 2021, now is the best time to hire/retain the right people!
Thanks again to DevNetwork for the opportunity to participate at DeveloperWeek2022!