Welcome to the show! Today, we share an inspiring story of career transformation. We're talking to Kelly, who went from being a traditional system administrator focused on managing legacy systems to becoming a Certified DevSecOps Engineer.
However, a major security incident – a vulnerable container image making it into production despite perimeter defences – was a real eye-opener. It showed her that traditional security methods weren't quite cutting it for modern, cloud-native applications. This pivotal moment sparked her interest in DevSecOps, but figuring out the next step wasn't immediately obvious. While she had solid Linux and basic Python skills, the world of DevSecOps demanded new expertise: thinking about secure CI/CD pipelines, understanding containers, and mastering tools for SAST, DAST, SCA, Infrastructure as Code, and Compliance as Code.
Seeking a path forward, Kelly stumbled upon Practical DevSecOps through their extensive YouTube content. What really resonated wasn't just the technical depth, but their practical, real-world approach to security automation. As Kelly puts it, the free YouTube tutorials were "eye-opening". They didn't just show how to use tools, but explained why certain security controls were vital and how they fit into the overall picture of secure software delivery. She found the instructor's ability to explain complex concepts like Container Security Scanning and GitOps using real-world scenarios made everything "click".
Even with such valuable free content, Kelly knew a structured learning path was essential to achieve her career goals. That’s why she made the decision to invest in the Practical DevSecOps Certification Course. Her study routine became intense but strategic: two hours dedicated to course materials every weekday evening and four to six hours on weekends for hands-on labs and practicing with open-source tools. Time management was her biggest challenge, juggling a full-time job with this intensive learning. But the course's modular structure helped her progress steadily, and the hands-on labs ensured she built practical skills every step of the way.
Key technical skills she gained included building her first secure CI/CD pipeline using GitLab, learning to build container images, automating SCA and SAST tools, implementing automated vulnerability scanning with OWASP ZAP, setting up Infrastructure as Code security scanning with Checkov. She also gained an understanding of Compliance as Code and Vulnerability Management. She also absorbed the 'DevSecOps Gospel' – best practices for picking and automating tools.
Just six months later, Kelly's enhanced skill set attracted attention, leading to opportunities at a major fintech company. Her interviews involved practical demonstrations of the skills she’d honed, like setting up secure pipelines in GitLab and Jenkins and building enterprise-level DevSecOps pipelines. The outcome? A senior DevSecOps engineer position with a remarkable 65% salary increase and the chance to lead security automation initiatives.
Today, Kelly leads a team, implementing automated security testing in CI/CD, cloud-native controls, Compliance as Code frameworks, and security metrics. Beyond the technical wins, she finds the cultural change most rewarding. Developers now grasp security better, security teams appreciate automation, and secure features are delivered faster. Kelly firmly states her transformation "wouldn’t have been possible without the solid foundation I got from Practical DevSecOps".
Kelly’s advice for aspiring DevSecOps professionals? Start with the right training, particularly through a Certified DevSecOps Professional course, to gain practical skills within a span of 3 months.