If you???re a software engineer you???ve probably seen one or two of your colleagues graduate from Senior Developer to Developer Manager ??? some with the sobering realization that managing a team of developers requires significant cross-functional skillsets.
Foundationally, to be a successful Developer Manager you must know your stuff when it comes to software development, be passionate about the importance of security, and come equipped with communication skills that will enable you to bring siloed teams together. More often than not, these skills will come naturally as you move through your career in software engineering, but it???s never too early to start honing in on what will make you a great Developer Manager down the road.ﾂ?
We asked a handful of Veracoders to talk about what they think are the most important qualities for Developer Managers to have in their back pocket and ways that managers can effectively lead their teams in the right direction.
Become a supportive advocate. Doug Wilcox, Principal Software Engineer at Veracode, says it???s all about how a good manager supports their team. ???Always be the team’s advocate, protect the team from the often-changing priorities and occasional unreasonable demands from higher up,??? Doug says. Those unreasonable demands can cause panic and unnecessary stress that derails an entire project, so it???s important to understand the difference between a five-alarm fire and a fire drill.
Doug elaborates that being supportive includes providing opportunities for professional growth, especially in areas of team leadership. Becoming that anchor for your team will help to keep frustrations down and spirits high, especially if you act as a communication bridge between security and development ??? two teams that are often siloed. ﾂ?
Be a tank for the team (when it???s right). Dan Murphy, Principal Software Engineer at Veracode, also stresses the importance of managers protecting their teams ???Act as a ???tank??? to shield developers from organization overhead. Push back to give developers the time to do things right,??? he explains. ???But ensure that ???right??? is always aligned with business interests. Security usually is!??? Any team can buckle under the pressure coming from various departments, especially those directly above.
Good Developer Managers can shield their teams while keeping projects on track to meet tight deadlines. Establish boundaries with other team leaders and make sure everyone involved understands how your team functions, which tools they use, and how they prefer to communicate.
Set realistic timeline goals. Kayla Firestack, Associate Software Engineer at Veracode, underscores the importance of timelines and deadlines when racing to produce code. She says, ???Understand that it’s very difficult to actually figure out how much time something will take if things are done properly. And ignoring tech debt makes working conditions worse.??? While projects can and do morph on the fly, setting expectations on a sudden change of direction or added steps that slow things down is critical to maintaining a happy (and sane) team of developers.
As Kayla points out, overlooking security debt can also compound these issues and place even more pressure on teams of developers to write quality code under tight deadlines. Work with the security team to set priorities for remediating vulnerabilities so that you know what your developers need to tackle first when new flaws are discovered.
Provide mentorship resources for success. Zachary Estrella, a DevOps Engineer at Veracode, knows firsthand the importance of a manager who also acts as a resource center for growth. ???I think Developer Managers should provide any resource the developer needs for success. A Developer Manager also needs to offer some type of mentorship program to younger developers,??? he says. Becoming a mentor can be as simple as providing opportunities for developers with an interest in security so that they can use their leadership and security skills efficiently.
Consider standing up a security champions program to empower a member of your team who keeps security at top of mind and cares about the quality of the code they produce. The security champion you choose can then help you encourage the team to shift security left in the software development lifecycle (SDLC), reducing the number of flaws potentially discovered later in the development process and saving the organization money. That???s a win-win.
Offer engaging training solutions. Tim Jarrett, Veracode???s Director of Product Management and Strategy, offers concise words of wisdom: ???Support training initiatives.??? These may range from eLearning tutorials and courses on various languages to workshops and webinars that cover professional growth, ideally with content tailored to how your developers work every day. Developer training is essential to the growth of your team, as well as to their impact on the business. As the development process speeds up and security shifts left, developers must be well-equipped to spot and fix vulnerabilities before they become a problem for the organization.
Now, more than ever, this means developers need skills, tools, and ongoing training they may not have had in school or early on in their careers. Look for solutions like Veracode???s self-paced eLearning and instructor-led remote education, secure programming workshops, and hands-on training with Veracode Security Labs that teaches developers how to exploit and fix real-world vulnerabilities. Lead by example and take the initiative to use these training tools as well, showing your developers that they should never stop learning if they want to be successful.
Projects move quickly in modern software development, and the health of your code is more important than ever. Possessing these qualities and skills as a Developer Manager will not only make your team more successful but also it will help your developers set off on the right career path for their skills and goals.
Read our whitepaper to learn more about developer training, including how to boost security knowledge for your team of developers.
*** This is a Security Bloggers Network syndicated blog from Application Security Research, News, and Education Blog authored by [email protected] (mmcbee). Read the original post at: https://www.veracode.com/blog/managing-appsec/what-does-it-take-be-effective-developer-manager