The Human Side of DevSecOps
Much attention is focused to the technology aspects of DevOps, including how to automate security testing. But DevOps is as much a cultural movement as anything else, with a strong focus on feedback loops and continuous improvement. How can organizations implement these aspects of DevOps culture when integrating security, given the massive shortfall in skilled information security personnel? This talk discusses organizational and cultural aspects of DevOps with an emphasis on the role of “security champions”—developers cross-trained in information security basics—in executing a successful DevSecOps transformation.