DevSecOps

Agile, scrum, kanban, iterate, cloud, continuous integration, continuous delivery, continuous deployment, DevOps, infrastructure as code, X as a service, machine learning, shift left, zero trust … Some days it feels like software development has turned into buzzword bingo. One of the latest additions to the card is DevSecOps.

For the last decade organisations have been breaking down the wall between developers and operations. Teams that adopt DevOps culture, practices and tools deliver better solutions faster. By shipping more often, teams unlock the value of their work and reduce the risk of problems in production.

While DevOps brought operations and development teams together, DevSecOps invites security specialists to the party. Rather than only the security team being responsible for security, teams embracing DevSecOps acknowledge that everyone has a role to play.

Like with DevOps, DevSecOps isn’t achieved by using a single tool. DevSecOps is a cultural shift which involves the security team as an active participant in the delivery pipeline. The security team provides guidance and tools that improve the security posture of the application.

Dave Hall Consulting has extensive experience baking security into the delivery pipeline. Talk to us if you want to adopt or enhance DevSecOps in your organisation.