Putting the “sec” in “DevSecOps” can seem frustrating and cumbersome for developers. Security can require enterprises to incorporate a long, complicated list of security policies, procedures, and tools into their SDLCs, a daunting and chaotic process. As The Phoenix Project by Behr, Spafford, and Kim showed us through the inefficient whims of their fictional CISO “John”, security, from a developer’s perspective, has the capability to handicap the well-oiled machine of the DevOps cycle.
But security doesn’t have to be at odds with development. The development and security teams are better together, with a new mindset: integration. Rather than security standing apart from development as a separate entity, the two can work together by integrating security practices within DevOps.
This integration requires security to build on the same rich DevOps history that agile development practices have already gotten right in recent years. A quick study of DevOps history shows that every aspect of agile development really matters.