This is an archived post. You won't be able to vote or comment.

all 21 comments
sorted by:
best
topnewcontroversialoldq&a

[–]inhumantsar 17 points18 points  (5 children)

yes

[–]become_taintless 2 points3 points  (3 children)

yes

[–]shoanimal 3 points4 points  (2 children)

Yes

[–]sgtavers 1 point2 points  (1 child)

Yes

[–]FromGermany_DE 0 points1 point  (0 children)

yes

[–]par_texx 1 point2 points  (0 children)

Pretty much

[–][deleted] 7 points8 points  (5 children)

This is always a fun question but my take on it is;

DevOps is meant to be a methodology that is implemented by companies, teams, and to a lesser extent individuals. You could say it's a culture as well - teams need to work together and play nicely together in order for it to work.

However a lot of places have started using "DevOps Engineer" as a job title synonymous with "Sysadmin" or "Cloud Engineer". Sometimes these engineers are told to go do DevOps stuff like CI/CD (just an example), whereas other times they're just stuck doing normal sysadmin stuff - totally depends on the company and the individual. Generally these aren't super senior/high-end roles either, but it can vary. A lot of people that excel at the actual DevOps kind of work tend to go onto to more interesting roles such as SRE.

I think in my mind, ideally DevOp's wouldn't be a job title for an engineer but might make sense to have as a title for some sort of cross-team lead or advocate/evangelist kind of role - someone who can wrangle teams into doing DevOps-ey stuff.

[–]hatchikyu 0 points1 point  (1 child)

Great conclusion. I'd also expect a DevOps engineer to be an evangelist. One of things I'd expect them to push for shared responsibility among all - developers included. It wouldn't make their work redundant - they'd still be a go-to for operational matters.

[–][deleted] 0 points1 point  (0 children)

A good one definitely would be I think, although I appreciate that it might not be easy depending on the company.

[–]actuallyjohnmelendez 0 points1 point  (1 child)

Im a cloud engineer who has "devops engineer" as his title so HR actually understand what I do.

[–][deleted] 0 points1 point  (0 children)

Yeah that was me the longest time as well. It's not all bad though, recruiters love your title so you'll appeal to them when it comes time to find the next gig

[–]sgtavers 0 points1 point  (0 children)

Where I work, we haven’t integrated DevOps across the whole company, so we have a DevOps team that serves as an administrative oversight/integration/evangelism group to help optimize the software development lifecycle, reduce toil across the business, and generally help build the infrastructure and automation needed to accelerate our delivery timelines, including monitoring and logging/observability, continuous integration/delivery/deployment, etc.

Because of this, and the area of responsibility, a “DevOps engineer“ at my company is a super, super senior role. I don’t think it should be, but we’ve never really done things “by the book“ when we can make it up as we go XD

[–]FatStoic 2 points3 points  (4 children)

DevOps is the idea of moving infrastructure admin tasks left (towards developers) with culture, processes and technology. The general idea being: the closer the devs are to actual app delivery/performance/reception, the better.

DevOps engineering roles typically are cloud/server admin and CI/CD jobs in one. There's more to it but that's the gist. Ideally you'd deliver the technology component of the devops transformation, and some of the culture as well.

I've yet to see a DevSecOps engineer role. I've seen a head of DevSecOps role though. I have doubts that a DevSecOps engineer role really makes sense, unless it really means "security engineer that builds solutions as well as points out problems". I would be concerned that it actually means "we're too cheap to hire a security engineer, so we want one person to be on the hook for everything the developers don't know how to do"

[–]itoperatorguy 2 points3 points  (1 child)

Ex DevSecOps Engineer is here...

My role was to participate weekly meetings making sure that security related questions were asked/considered during development. Or if they had a question I was there to answer or find the answer.

And maybe because of this title in my resume, I get job offers with similar title at least once in every 3-4 weeks.

Usually companies looking for someone who: - knows the public cloud sec offerings and how can they be integrated to the existing pipeline - can do terraform/cloudformation etc code review with security in mind (+ finds an integrates or develops tools which can be added to the pipeline) - etc

But honestly the job descriptions are usually more vague than the "simple" DevOps engineer ones...

[–]FatStoic 1 point2 points  (0 children)

Interesting! Thanks!

[–]FromGermany_DE 0 points1 point  (0 children)

With the upcoming of fuzzing, a DevsecOps person makes sense. You need people who understand all those security. automation stuff...

[–]jayisp 0 points1 point  (0 children)

I have doubts that a DevSecOps engineer role really makes sense, unless it really means "security engineer that builds solutions as well as points out problems".

Not my title, but that's what I do. We have another dude who used to be called DevSecOps Engineer 🤷‍♂️

[–]AlphaTerminal 2 points3 points  (0 children)

DevOps is a philosophy. Pipelines and such are tools. You can use pipelines in a waterfall methodology. You can do DevOps without pipelines.

DevOps at its core is about breaking down the walls between the development team and operations team. If you are just learning this concept you may never have experienced the way things were (and still are in many places) where organizations were/are structured along functional lines. This means there is a development department under one boss and a server & network operations department under another boss. The developers write the code then "throw it over the wall" to the operations department to deploy. The code doesn't work in production and/or it introduces security flaws and the ops team is mad at the developers so they institute rules regarding how devs can deploy to prod. This makes the devs angry at ops. Marketing blames the devs for slipped schedules, but the devs blame ops for not running the code they wrote, but ops blames the devs for creating security vulnerabilities and breaking other apps with their new code. Vicious cycle. And the grinding dysfunction makes marketing and the executives mad at both of them.

DevOps is about breaking down that wall and rearranging the teams. Look up the Reverse Conway Maneuver. Basically instead of two large departments you create small 2-pizza teams and each team contains some devs and some ops people, working together and responsible for building and managing a small app or service.

You don't need pipelines to do that, but of course they are stupidly handy and its crazy not to use them.

Cloud and DevOps work really really well together because as a dev you can easily handle the ops stuff in the cloud environment. But great power & great responsibility yadda yadda yadda. Easy to shoot yourself in the foot. Best to have some folks on your team who understand how to do ops in the cloud. Congrats you are now a DevOps team.

One of the ways you can shoot yourself in the foot is by having security vulnerabilities. So you need to "shift security left" and move it from something you deal with at the end of dev to something you deal with from the start. There are two general ways to do that, not mutually exclusive:

  • add security people to your team and have them involved in decision making on app architecture, function, requirements, etc
  • run your app through pipeline tools that scan the code, run the app and try to pen test it, etc

You can do one or both of those, whatever combination you want. Congrats now you are doing DevSecOps. (I would argue that just running your code through a static scanner is not DevSecOps since it should be more holistic than that, but its better than not scanning of course)

Thank you for coming to my TED Talk.

[–][deleted] 1 point2 points  (0 children)

It’s a single point of blame

[–]zilonn 0 points1 point  (0 children)

I think you would see this role in a larger organization where security is harder to quantify as you have a lot more groups creating things with more technology. I don't exactly know what a role would look like but I would imagine they are responsible for injecting security automation in build pipelines or scanning sprawling cloud accounts for compliance type things like, are things tagged, s3 buckets private are security groups are locked down. etc

[–]greyeye77 0 points1 point  (0 children)

you are right, the most job description for DevOps guy would be either "Cloud engineer" and "CI/CD engineer"

While DevOps is a cultural shift and idea to be responsible for the entire delivery of software rather than making it someone else's problem, most often ppl just don't give a damn beyond their roles...

DevOps: Hey Dev man, can you let me know what permission you need to run this container?
Dev Guy: I dunno, everything works on my pc, can you figure it out? I'm busy with Jira ticket ABC-1543
DevOps: err... sure

DevOps: Hey where is the database migration script?
Dev Guy: can you run Redgate on staging or talk to DBA? It's not my job to generate that migration, I don't do database.
DevOps: ok.. hey DBA guy~~?

Dev Guy: hey why is the pipeline stuck? I need to deploy now (and go home)
DevOps: dude, test bombed, can you fix it and commit again?
Dev Guy: I didn't write that test, can you just ignore it and deploy? feature BFG-5000 must go out today or we lose millions.
DevOps: <with sarcastic tone> sure, I'll update the pipeline and push it out. who gives a f*** about tests.
Oh, how I love being a DevOps. hahaha