Cybersecurity Without Talent Gaps Using Automated Defense Principles from Nikita Romm

Written By: Arundhati Kumar

An experienced Principal DevOps Engineer at global cybersecurity leader Palo Alto Networks explains how automation and secure-by-design systems are transforming cybersecurity amid a global talent shortage.

One of the most pressing challenges for the global IT market in 2026 remains the critical shortage of qualified cybersecurity professionals. According to the ISC2 report, the deficit has reached 4.8 million unfilled positions, and two-thirds of organizations admit they cannot secure their data with internal resources alone. The traditional model of "security as a final gatekeeper" is collapsing under the weight of rapid release cycles, making the role of engineers who can build security into the initial architecture indispensable. 

To better understand how the industry is adapting to the cybersecurity talent shortage and how these challenges are being addressed, we spoke with Nikita Romm, a Principal DevOps Engineer at Palo Alto Networks and Kubestronaut with deep expertise in security-critical systems. His professional trajectory spans from building high-load cloud systems with strict reliability requirements to working with the Cortex product line, which secures code for more than 10,000 clients worldwide, while also contributing to applied research and professional communities that shape how modern DevOps and cloud security practices evolve.

Density of challenges versus years of formal experience

As the cybersecurity talent shortage grows, companies are placing less emphasis on years of experience and more on the ability to manage complex, high-stakes systems - a shift clearly reflected in how Nikita Romm built his expertise.

Nikita began his career in classical system administration, where one of his first large-scale challenges involved building and deploying a cloud-based system designed to handle high user load and strict reliability requirements. The project required a unique approach to high-availability systems, where any downtime or security loophole could result in systemic failures at a national infrastructure level. Working with such stakes quickly shifted his focus toward DevOps as a discipline of precision. “Traditional administration has a limit: you either keep adding hardware, or you start scaling logic. I realized the future wasn't in fixing servers, but in building self-healing systems that could withstand unpredictable loads,” Romm recalls.

The implementation of Infrastructure as Code (IaC) practices enabled him to transition from manual configuration to programmable environments, eliminating human error at the syntax level. This approach yielded measurable results: release cycles were shortened from weeks to hours, and incident rates dropped. “At some point, it became clear that it’s not the duration of experience that matters, but the density of the tasks solved. In projects where automation determines the viability of a service, experience accumulates exponentially faster because every mistake in the code forces you to understand the entire underlying architecture,” Nikita notes. 

This background allowed him to join Palo Alto Networks as a Senior DevOps Engineer in 2022, a role typically reserved for specialists with twice his formal years of experience, but one where his demonstrated ability to manage high-risk environments became the deciding factor. In this context, Romm’s progression illustrates how early exposure to complex, failure-sensitive environments can accelerate expertise far beyond traditional career timelines.

Compliance automation and the transition to secure by design principles

Another issue that becomes apparent at scale is maintaining consistent security standards across multi-cloud environments, where manual audits quickly turn into an operational bottleneck. This becomes especially evident at Palo Alto Networks, where Nikita Romm works on the Cortex product line, securing code for more than 10,000 organizations worldwide. In such systems, even a minor infrastructure misconfiguration can propagate instantly, affecting thousands of downstream users.

To address this challenge, Romm integrated SOC 2 and FedRAMP standards directly into deployment pipelines. By treating compliance requirements as technical specifications rather than bureaucratic checklists, he was instrumental in creating a system in which security policy is enforced automatically whenever code is committed. This turned compliance from a periodic burden into a native property of the system. 

Nikita doesn’t limit this work to production environments. He brings a significant part of his hands-on experience into the research domain, including through his original monograph “Methodology for Automating and Securing DevOps Processes: CI/CD Optimization and Increasing Release Stability in the Corporate Environment,” which focuses not on theory, but on structuring approaches proven in real enterprise infrastructure. Today, this methodology is already becoming widely adopted in the industry.

His publications in ASRJETS, TAJET, IJC, ULETE, and IJSR continue this line of work, covering topics from reliability models in automated release cycles to Terraform–Kubernetes integration and shift-left security practices. In essence, this is an attempt to formalize engineering decisions that usually remain within individual teams and bring them into a broader industry discussion.

Nikita also applies his practical findings to the academic field, investigating how automated evidence collection can replace manual documentation. In his articles for the International Journal of Computer and American Scientific Journal, he detailed methods for optimizing cloud infrastructure and data protection. “Security shouldn’t be an 'add-on' remembered just before auditors arrive. When verification processes are baked into the code, the audit becomes a mere formality, and the system becomes 'secure by design,'” the engineer is convinced.

Thus, as Romm demonstrates in practice, compliance can shift from a periodic process to a continuous function embedded directly into the system.

Shifting roles from manual configuration to autonomous platform design

One final shift redefining modern cybersecurity is the transition from manual configuration to autonomous platform design. Nikita Romm operates at the forefront of this transition. His attainment of the "Kubestronaut" status, a rare distinction in the Kubernetes community, reflects his mastery of cloud-native orchestration. This expertise allows him to design resilient solutions for critical failover scenarios, such as cluster degradation or complex networking failures in distributed systems. For an industry suffering from a talent gap, having an engineer who can translate high-level security requirements into robust Kubernetes configurations is a significant competitive advantage.

Romm’s work goes beyond system reliability. Through code reviews and prototyping for high-load environments, he helps shape engineering standards across teams. His research, including publications, focuses on adaptive platforms that detect and mitigate threats in real time without human intervention.

Part of this work extends beyond internal teams and processes. Romm participates in the evaluation of technological solutions at the international level: for instance, he served on the jury at the AITEX Summit Winter 2026, where he assessed developments in the field of software architecture and AI-based infrastructure. To become a member of this judging panel, one must pass a rigorous selection process. For example, Nikita was invited for his professional achievements in Palo Alto.

At the same time, he is involved in professional communities such as Raptors.dev and AITEX, where the focus shifts from individual cases to broader approaches in building DevOps and cloud security practices. This is the level at which engineering work begins to influence not just a single product, but how processes are shaped across the industry.

Looking ahead, Romm sees DevOps evolving into Platform Engineering, where routine operations are handled by AI-driven agents, and engineers focus on designing the systems that manage them. “Future engineers won't have to manually 'turn bolts' in Kubernetes or configure firewalls one by one. The primary skill will be the ability to design the 'platform' itself—an ecosystem that manages risks and workloads at every level automatically,” Nikita notes.

Taken together, the outlined changes point to a broader transformation: as the talent gap persists, the industry is moving toward systems that require less manual intervention and more architectural thinking, making the ability to design secure, adaptive platforms a defining skill of modern engineering.
