“WTF is DevSecOps?”

If you work in security or software development, you’ve probably heard about DevSecOps before and wondered what it is or whether it even works. Perhaps you’re a DevSecOps practitioner and sometimes you’re not sure about what you’re doing. Is it yet another tech buzzword? A trend? Well, this is the article for you, because Eliza May Austin, a security expert and the CEO and co-founder of explored these and other questions around DevSecOps in an All Day DevOps session called “WTF Is DevSecOps?” She is also the Founder and Director of Ladies of London Hacking Society.

So WTF is DevSecOps, anyway? Let’s explore.

Is DevSecOps Just a Trend?

If you go to any job board and type in “DevSecOps,” you’re immediately inundated with multiple listings with titles like “DevSecOps engineer,” “DevSecOps practitioner,” etc. In addition, many developers, pen testers, and security engineers are suddenly adding DevSecOps to their CVs in the hopes of getting opportunities in the field or even more compensation. So there’s no doubt DevSecOps is trendy. Further, if you ask developers, they’ll say, “It’s great! We love it.” And people who claim to have integrated DevSecOps are also big fans.

However, most security engineers have no clue what DevSecOps is.

By definition, DevSecOps is the practice of including security in the development process. It’s mostly a philosophy or a process of doing things. Why would a philosophy/process have dedicated job listings?

Take the example of agile. As a security engineer, you might not necessarily practice agile, but you’d be able to work in an agile environment. Shouldn’t it be the same with DevSecOps?

All this indicates that DevSecOps might be a trend more than anything else.

In theory, it’s fantastic. Automating security? Security as code? All great ideas. However, in practice, it (Read more...)

This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Elizabeth Kathure.