The growing importance of the platform engineering team

How are roles and teams evolving to deal with the rapidly changing cloud-based landscape?
28 March 2023

Platform engineering teams – critical to evolving the face of the future?

We recently sat down with Kevin Bocek, VP of Ecosystem and Community at Venafi, a company that specializes in machine identity management and application outage prevention, to take soundings on a range of cutting-edge cybersecurity questions. In Part 1, we discussed the impact of ChatGPT and generative AI on the world of coding and programming. In Part 2, we took on machine identity management in the increasingly complex multicloud world. Towards the end of that discussion, Kevin explained that there was a genuine need for a rising new phenomenon in tech – the platform engineering team.

While we had him in the chair, we decided to explore what the platform engineering team (and the security engineering team) is all about – and why it’s becoming increasingly important in tech-dependent businesses.

New challenges, new teams.

THQ:

Last time, we came to appreciate the need for a lot of work to deliver both security and things like multicloud machine identity management. In the last handful of years though, security teams have had their hands increasingly full. Is that driving the development of platform engineering teams?

KB:

Three or four years ago, platform engineering teams weren’t at all common, but now they’re increasingly common in medium and large businesses. They’re essentially a new operations team that builds a consistent set of services, and then operates them for engineers as they develop applications.

It’s important to remember that they are engineers. Platform engineering is engineering, which means it’s a case of building platforms with code. It used to be the operations teams for instance that would build a load balancer, and deploy it to perform various functions for applications running on application servers… that they were also running. Developers would install their applications on those application servers.

Now what we see is that platform engineers are bringing together different sets of cloud services, and they’re integrating them together with code, like with Ansible, or Terraform, and so you’ve got this engineering work that’s bringing together these common sets of services that engineers then start using from day one. They can just dump their application to an application server, they’ll put it into their Kubernetes cluster, which the platform team has designed to be consistent, whether it’s running in the data center or on AWS, for example.

The burden of reliability.

The platform engineering team is responsible for reliability.

THQ:

And reliability is key these days.

KB:

Absolutely. So yes, this idea, the platform engineering team, is newly emergent, and what we’re also starting to see is that it’s well aligned with the work of security teams, who are trying to catch up or understand this new cloud-native world.

That means we’re also starting to see the emergence of security engineering teams. Not security teams who’ve started to try and learn engineering. But in engineering teams, security experts evolve, and then you’ve got security engineers. If you talk to any software development business, you’ll find that there may be even more security engineers in their engineering teams than there are in their IT security teams.

And this is another emerging trend, just as we saw four years ago or when platform engineering teams emerged.

The security future.

As to the future, all the signs point to the likelihood that there are going to be very large security engineering teams – and businesses. There will still be chief security officers. They’re going to be security architects, analysts, but there’s going to be this other security engineering team and it’s going to be really, really important.

Platform engineers have very much become the unsung heroes of tech-dependent, multicloud-based businesses. They’ve been the ones actually making the world of the cloud really work for businesses. Bringing the reliability, bringing some level of consistency across the board. The same thing looks likely to play out with security engineering teams over the next few years too.

THQ:

That’s an inevitable progression, you think?

KB:

I think so, yes. It might not have been, just a few years back, but now, I think so. And I think it’s going to have an interesting consequence. One of the things that chief security officers and others have really been trying to draw attention to is, “Wow, we’ve got all these unfilled roles for security professionals.”

Well, what we see more and more is that as security engineering teams grow in popularity, they’re building security with code and driving automation. I think we’re going to actually see the gap close. But what we’re going to need is engineering experts. So security engineers will need a different set of skills from those that traditional IT security experts in the past have possessed.

THQ:

An emergent pathway that closes one gap of necessary skills, but opens others as it needs new skills to function?

KB:

That feels like the way the future is going, yes. From platform engineering teams to security engineering teams, and opening that new skills gap ahead of itself.

Strange days?

THQ:

Particularly strange times, or just a natural evolution of what’s come before?

KB:

I would say that it’s the most exciting time, especially to be a security professional. The world is changing so fast, and there are new exciting technologies, whether that is cloud-native capabilities, whether that’s AI capabilities, or whether that’s something else.

Our role is only going to become more important, but the skills required to be useful are changing really fast. So the one thing I always encourage for every cybersecurity professional is “Go code. Go get familiar with what developers are doing.” Learn a new coding language, because not only will it be fun, but it may well lead to new opportunities, new ways to exploit your new skills.

That’s always my recommendation for security professionals. Go code.