In the digital age, security can no longer be an afterthought. As organizations modernize their IT environments through digital transformation initiatives, it’s become more critical than ever to bake security into new applications from the start.

Virtualization giant VMware recognizes this new reality, which explains why it has decided to acquire two companies that give the company a stronger foothold in digital transformation and cybersecurity.

One of the companies, Pivotal Software, brings to VMware a platform for developing applications in the cloud. The other, Carbon Black, has a cloud-native endpoint protection platform that ensures this is done securely. Together, the acquisitions send a strong signal by VMware and its parent company, Dell EMC, that it is serious about the role DevSecOps plays in developing modern, cloud-based workloads.

VMware CEO Pat Gelsinger said the acquisitions address two critical priorities for VMware – “building modern, enterprise-grade applications and protecting enterprise workloads and clients. With these actions we meaningfully accelerate our subscription and SaaS offerings and expand our ability to enable our customers’ digital transformation.”

From a security perspective, the move is especially significant. While in the past, security often took a backseat in development, it has become a priority. As organizations build workloads in the cloud and integrate them into hybrid environments, they are thinking about security from day one.

“We now have the opportunity to seamlessly integrate Carbon Black’s cloud-native endpoint protection platform into all of VMware’s control points. This type of bold move is exactly what the IT and security industries have been looking to see for a very long time,” said Patrick Morley, CEO, Carbon Black.

Addressing the Skills Gap

In highlighting the importance of DevSecOps, the VMware acquisition of Carbon Black also helps call attention to the need for advanced cybersecurity and cloud security skills. Currently, there is a shortage of nearly 3 million cybersecurity workers worldwide, something (ISC)² is helping to address with its cybersecurity education curriculum.

Part of (ISC)²’s Professional Development Institute (PDI), DevSecOps: Integrating Security into DevOps is a self-paced online course that delivers in-depth instruction on making security an integral part of the development cycle to achieve DevSecOps. The course is targeted at experienced cyber, information, software and infrastructure security professionals looking to launch or strengthen a DevSecOps program in their organizations – or make security an integral component in their digital transformation strategies.

(ISC)² also recently launched a course on Cloud Basics as part of PDI, which is the first in a series of courses on the cloud, designed to provide a solid understanding of cloud computing including key drivers and rationale for moving to the cloud, cloud architecture and computing concepts and characteristics, cloud service and deployment models, and cloud brokers.

The growing popularity of (ISC)²’s Certified Cloud Security Professional (CCSP ) certification has been well-documented. In January 2019, Certification Magazine recognized it, for the fourth year in a row, as the “Next Big Thing” in its annual salary survey. The magazine’s survey respondents reported that the CCSP would be the most-pursued certification by security professionals in 2019, just ahead of the CISSP certification. (ISC)² research in 2018 showed a similar trend, with the CCSP and CISSP cited as the most sought-after security industry certifications globally last year.

As the VMware acquisitions demonstrate, as cloud computing applications and security continue to intersect, it will drive a greater need for more education among cybersecurity professionals to ensure that DevSecOps is a foundational aspect of the cloud migration process.