DevSecOps is a misnomer. The idea that Security is smashed in between Dev and Ops is exactly the problem we face. Many believe security is the blocker before getting their application out to production. Owned by some distant, unapproachable team, security can seem like the new deep divide with a ‘throw it over the wall’ mentality.
Instead, Security must be sprinkled throughout the DevOps cycle, taught from the beginning when developing best practices, and owned by the entire team. In this talk, I will share 1 slide that overlays exactly where Security fits in the “DevSecOps” pipeline and culture, touching on specific challenges companies face and the things they do to address them: Threat Modeling and Risk Classification, Security Education, Automated Policy Enforcement, Secrets Management, Vulnerability Scanning, SAST and DAST, monitoring, and more.