What is DevSecOps to Me?

I’ve always thought of myself as a security engineer…I like tools and technologies. I like the technical aspects of the job. When I first heard DevOps, and later DevSecOps, I always thought that it had to do with developers, and that it would never have anything to do with me directly. Turns out that it is far more than I could have ever imagined.

Think of baking security into everything that you do, as you do it. For development work, that means including security processes at each step of the development process, e.g. risk assessments, vulnerability scans, and penetration testing. Now think of how you can build security into other workflows.

As trends shift towards datacenters in the cloud, and infrastructure as code, think of all the ways that security can become a part of the process. Imagine your security team managing a PowerShell script or a bash script that is run right after a server is brought online. Imagine being able to automate the provisioning of a firewall or a load balancer…the possibilities are endless.

So what is DevSecOps to me? It’s new, and challenging, and I believe that it is the way of the future.

I am curious what you, my readers, think of this trend. What are your thoughts on where things are headed and on DevSecOps? What is DevSecOps to you? Can you think of improvements you could make by embracing a DevSecOps approach?