Over the last 14-plus years of my journey through DevOps, I’ve had the good fortune to meet some of the smartest, most generous, most forward-thinking people in our industry. It’s one of the things I’m most thankful for—the friendships and shared learning that come from being part of a community that is always pushing boundaries. And of all the brilliant people I’ve met, none has been more influential, inspiring, or personally meaningful to me than my friend John Willis.

My only regret is that I didn’t get the chance to meet John 30 or 35 years ago. Oh the things we would have explored. For those who’ve been around DevOps for a while, John needs no introduction. For those newer to the space, John is truly one of the OGs of the DevOps movement. He has co-authored multiple books on DevOps, spoken at countless DevOpsDays and other events worldwide, and served as one of the great ambassadors of this movement. His boundless curiosity and relentless pursuit of knowledge have taken him far beyond the world of DevOps into areas like artificial intelligence and even quantum computing. And yet, for me, John remains one of the truest reflections of what’s good about the DevOps community.

DevOps Beyond Pipelines and Speed

John recently published a flagship post on LinkedIn titled Security Is Behavior: DASP and DevOps. In it, he once again reminds us what lies at the heart of DevOps—and what too many have forgotten.

For far too many people, DevOps has become synonymous with CI/CD pipelines, automation, and speed. Don’t get me wrong—those things are important. But they are not the essence of DevOps. As John points out, the core of DevOps was never just tools or speed; it was about people, about culture, about how we work together. That’s a message we need to keep repeating, because it’s all too easy to lose sight of it in the rush of new tools and trends.

Remembering CAMS

For me, reading John’s post took me back to one of the foundational ideas he helped introduce to our community years ago: CAMS. Alongside Damon Edwards, John gave us a simple but powerful framework that distilled the essence of DevOps into four letters: Culture, Automation, Measurement, Sharing.

• Culture: DevOps starts and ends with people—building trust, empathy, and collaboration.
• Automation: Tools matter, but only in service of freeing people to focus on higher-value work.
• Measurement: What you don’t measure, you can’t improve. Metrics ground DevOps in reality.
• Sharing: The heart of community—knowledge shared, mistakes shared, success shared.

CAMS was never meant to be a rigid doctrine; it was a compass. And just like then, it remains a compass today, pointing us toward what matters most when the allure of shiny new tools threatens to distract us.

DevSecOps and the Ownership of Security

John’s post is also a timely reminder that security cannot be bolted on as an afterthought. Developers, operators, and security professionals must all share responsibility. DevSecOps will never succeed unless developers feel true ownership for security, not just compliance.

John put it perfectly in his post:

“Security is not a tooling problem or a compliance checklist. It is a people problem, and solving it requires behavior change, cultural alignment, and leadership that actually cares.”

No words were ever truer. This isn’t just advice for practitioners—it’s a call to action for every person in the DevOps ecosystem. Every vendor, every security team, every developer should read that quote, internalize it, and then read it again. We talk endlessly about “shifting left,” but unless we are shifting culture and behavior left, we are just paying lip service.

Why DASP Matters

Another important thread in John’s post is his emphasis on DASP—DevSecOps Automated Security Patterns. At its core, DASP is about codifying the recurring security challenges we face and creating reusable, automated patterns for solving them. It’s not about reinventing the wheel every time; it’s about learning from experience and embedding those lessons into the way we work.

What I find so valuable about John’s perspective here is that he doesn’t present DASP as something outside DevOps or bolted on top of it. Instead, he frames it as a reminder of what DevOps always was: people, behavior, culture, and shared responsibility. Tools may change, but those principles don’t.

By linking DASP back to the cultural heart of DevOps, John shows us that security can and must be part of the fabric of how we build software—not a separate layer applied afterward.

The True North of DevOps

Over the years, movements evolve. Words get watered down. What started as a revolution can risk becoming a buzzword. DevOps has not been immune to that. But leaders like John Willis keep us grounded. They remind us where we came from, what the movement was really about, and why it still matters.

That’s why I call John Willis the True North of DevOps and DevSecOps. He’s the compass who brings us back when we risk drifting off course. He’s the voice reminding us that for all our pipelines, our YAML files, our AI copilots and quantum explorations, at the end of the day, DevOps is—and always will be—about people.

As John himself concludes:

“DevOps was always about: people, behavior, culture, and shared responsibility.”

I can’t think of a better way to end this piece than to echo those words. For me, for DevOps.com, and for our entire community, John Willis is proof that those truths endure.