Imho DevOps is not a role, DevOps is a culture and mindset - therefore it is for developers.
But people should receive the proper training and get enabled to keep security in mind - at best in a automated way... There are so many tools for ci/cd pipelines that take care of open ports, fuzzing input, container security....
I am a Developer Advocate for Security in Mobile Apps and APIs at approov.io.
Another passion is the Elixir programming language that was designed to be concurrent, distributed and fault tolerant.
Location
Scotland
Education
Self teached Developer
Work
Developer Advocate for Mobile and API Security at approov.io
I know that DevOps should be known as a culture but in practice as become a role category, let's say it is like the SysAdmin of the Cloud. We just need to take a look to job posts to see that DevOps is seen by the majority as role.
While everyone is pushing to the developer the responsibility of the infrastructure that is a huge mistake that is later paid with security holes, despite any software you put on it.
Developers time should be spent in solving the business problem they have been tasked with, not figuring out the infrastructure, because if they have to do it they will just try to make it work... and we all know how it end ups when the developer only tries to make it work.
Imho DevOps is not a role, DevOps is a culture and mindset - therefore it is for developers.
But people should receive the proper training and get enabled to keep security in mind - at best in a automated way... There are so many tools for ci/cd pipelines that take care of open ports, fuzzing input, container security....
I know that DevOps should be known as a culture but in practice as become a role category, let's say it is like the SysAdmin of the Cloud. We just need to take a look to job posts to see that DevOps is seen by the majority as role.
While everyone is pushing to the developer the responsibility of the infrastructure that is a huge mistake that is later paid with security holes, despite any software you put on it.
Developers time should be spent in solving the business problem they have been tasked with, not figuring out the infrastructure, because if they have to do it they will just try to make it work... and we all know how it end ups when the developer only tries to make it work.
If the devs produce software that is full with security issues - it has a business impact. just not a positive one ;)