DevOps to DevSecOps: A Cultural Shift

DevOps teams deliver at pace, whereas traditional security teams are falling behind. How do we make DevSecOps work?

Vishal Garg
4 min read · Aug 7, 2022

DevOps teams have evolved in recent years and can deliver at pace, streamlining and automating software development and operational processes via a CI/CD pipeline. Security teams, on the other hand, have been slow to react and are playing catch-up. The main reason is that security teams are generally considered external entities and are involved only towards the end of the software development lifecycle. Security tooling has also been slow to react to the speed and demands of DevOps teams.

Joining forces between DevOps and Security

The next logical step appears to be joining forces between DevOps and security teams, so that the security team is closer and more approachable to the DevOps teams and, following the shift-left mantra, can perform security activities at every step of the software development lifecycle, as soon as the DevOps teams are ready to build a new feature.

Is it that simple?

DevOps + Security = DevSecOps?

Not Exactly!

A general consensus is that on average, in any company, the ratio of security…
