In 2018 we did research at NTNU Trondheim about DevOps and security. We conducted in-depth interviews with industry professionals to find out what the state of secure DevOps was in the Norwegian IT industry. First and foremost, we uncovered a divide between security professionals and developers. Some developers referred to security guidelines as propaganda and talked about how security gets in the way of their work. At the same time, we interviewed representatives from organisations where security was an integral part of the development process. What is the difference between these two realities? Why is it that security is seen as a hurdle in some organisations while it is embraced in others?
This ignite talk will offer an answer to the question of why some developers embrace security while others feel that it gets in the way. We will show how the development-security gap can be bridged with DevOps principles. Based on the four pillars of DevOps, CAMS (culture, automation, measurements and sharing), we will show what organisations can do to create an environment where security is taken care of and cared about.