Security is about to be a DevOps job, too. What will you do?

DevOps pros are already infrastructure, systems, & build engineers. They’re about to become security engineers too. The buzzword in app & infra security is to “shift left,” integrating security into the development process. How will you incorporate yet another massive responsibility into your role?

Many of us have been hugely successful with the shift from “throw software over the wall” into build & deploy automation. But as they say, the reward for a job well done is more work. With the push to “shift security left” and integrate security early into the development, build, and deployment pipeline, DevOps engineers who already provide build and infrastructure services are being asked to assume another huge responsibility. How will those teams adopt yet another discipline?

This talk will go over the trends in shifting security left, the shape of the tooling that DevOps teams are being asked to adopt, and the traps that lie ahead for teams who have been asked to assume this burden. We’ll look at success patterns and discuss how to apply CALMS principles to build harmony with security and compliance organizations.

If it’s not here already, this change is probably coming to your organization whether or not you’re ready. After this talk, you should feel confident that you know how to prepare.



Chip Johnson


Product Manager, Mondoo. Obsessed with making tools you’ll love.

Chip Johnson is a Product Manager at Mondoo, focused on making tools you’ll love. He’s been a part of the DevOps