Resources Blog How (and Why) to Build Your Own DevSecOps Team

How (and Why) to Build Your Own DevSecOps Team

You know things are bad when everyone is quitting.

That’s the situation James Dean, of BlueCross BlueShield of Tennessee, faced in 2016. The Chattanooga-based manager was handed a disastrous project that was incomplete, overdue, and now, severely understaffed.

James shared his story, and how he managed to survive and thrive, at the Nexus User Conference.

Part of the solution involved bringing in Nexus IQ and Firewall. However, tools can’t solve a people problem. The larger part of the solution was finding talent, training them, and developing a DevSecOps culture -- fast.

James quickly realized there was a talent shortage in Chattanooga. He had no time to waste. So he placed his bets on a young junior developer and several interns. Other departments cringed.

Fast-forward: the results were outstanding. James moved his team from 5K deployments in 2015 to 33K today. His crack team of newbies -- now much more experienced -- managed to deliver everything and more. They onboarded 68 teams and migrated/automated/scanned 496 applications. Most exciting, five new DevSecOps careers were launched.

Hear the entire story from James, here:


How to Build a DevSecOps Team

James outlined the steps he took to solve this daunting problem.

  1. Hire attitude and aptitude over skill and experience

  2. Be a coach and mentor; not a boss

  3. Pay attention to the newbies - guide them to ownership of things they’re interested in (ideally something no one else is interested in)

  4. Teach everyone to experiment

  5. Reward success and failure, both equally and publicly, as part of a blame-free culture

  6. Listen to and respect the inexperienced, because remarkably creative solutions come from those who don’t know what shouldn’t be possible (“I didn’t expect this, and it taught me a lot,” says James)

  7. Take pride in, and celebrate, the team’s accomplishments

  8. WIN TOGETHER! - A manager’s success should be entirely dependent on the success of members of their team

Why Build Your Own DevSecOps Team

James believes building your own DevSecOps team from scratch could be the ideal situation. He gives these reasons:

  1. It works - you can find people of any age willing to learn, and willing to be mentored

  2. It is cheaper - less experienced people take more time to train but are easier on the budget

  3. It is more rewarding - nurturing new talent deepens your own knowledge

  4. It builds a stronger workforce - by definition, it is more collaborative and trusting

  5. It contributes to a cultural shift - by definition, it empowers contributors and fosters fast growth

Building a Community: The Biggest Win

Now, with hindsight, James says, “I’ve gone from trying to build a team to trying to build a community.”

He now works with local business leaders and educators to identify talented prospects. Establishing a local talent base is crucial. Yes, it serves as a potential hiring pipeline. It also ensures a vibrant DevSecOps community, ready for the next big challenge.


Picture of Katie McCaskey

Written by Katie McCaskey

Katie is an experienced technology writer and entrepreneur. At Sonatype, she's focused on creating and finding great content.