AI-Driven Microlearning for Proactive DevSecOps: Closing the Security Skill Gap
Giampiero Granatella; Maura Cerioli; Giovanni Lagorio
2026-01-01
Abstract
DevSecOps, defined as the integration of security practices into the entire software development lifecycle (SDLC), ensures a focus on both security and reliability from inception to deployment. Although numerous tools support the diverse stages of DevSecOps, managing the vast array of generated data, particularly regarding organisational capabilities and expertise, remains a challenge. In this research, we introduce a novel Competency Management Support Tool (CMST) designed to analyse software development metrics and artefacts, thus providing deep insights into existing team skill sets. Using the data analysed by the CMST, we subsequently developed and defined a specialised educational component that uses Artificial Intelligence (AI) and Microlearning principles. This integrated tool chain effectively identifies skill gaps and security vulnerabilities within a development team by meticulously analysing historical and ongoing development data. Upon identifying these deficiencies, the system automatically designs and prepares customised microlearning sessions. The primary goal of this AI-driven approach is to enhance security awareness and technical expertise proactively, thereby preventing the recurrence of security-related issues in future software iterations and fundamentally strengthening the organisation’s DevSecOps maturity.

| File | Size | Format |
|---|---|---|
| ITASEC26GranatellaCerioliLagorio.pdf (open access; type: publisher's version) | 3.08 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.



