This is the extended version of the “Trust me, we’re doing DevSecOps” presentation, covering the full reasoning around trust, promise theory, and the human side of security integration. DevSecOps is nothing inherently special – it is all about working together as a team, and the Lencioni model shows that trust is the most fundamental feature of a functioning team.
A lot of DevSecOps talks focus on “trust but verify,” which I would characterize more as “dev sec cops” – policing through verification. We use tooling as a drug, continuously adding more checks, more gates, more automation. Aaron Rinehart coined the term “continuous verification,” and it captures the intent: security never stops being verified. But humans are part of the system too. Leave your system untouched for long enough and it will decay, because the human decisions that keep it running stop happening.
The cost of distrust shows up most clearly in backlog prioritization. Developer-first, security-first, ops-first – everyone wants their priorities at the top. Gunther Dueck calls optimizing for a single dimension “stupidity.” The Black Swan Farming canvas adds nuance: you do not just increase revenue, you also protect revenue, reduce costs, and avoid costs. Security investment falls into the protect and avoid categories, which makes it just as valuable as new features.
Promise theory frames this well. Every agent makes promises but cannot guarantee outcomes or make promises on behalf of others. Security cannot promise that the company is secure. Developers cannot guarantee business value delivery. What you can do is keep your own promises without over-promising. Policies and procedures help, but they should not be treated as controls to be enforced at all costs. The language of promises must be shared – I had never heard “security posture” before entering the DevSecOps world, but learning shared vocabulary is part of building trust.
The Thin Book of Trust identifies four dimensions – sincerity, reliability, competence, care – that apply to evaluating both people and libraries. We naturally think of ourselves as more trustworthy than others, judging ourselves by intentions and others by behavior. The work is reversing this: becoming trustworthy through consistent behavior, keeping promises, and caring about the problems others face. Trust builds slowly and breaks fast. There are no shortcuts, but the Agile Conversations book offers practical techniques for the hard interpersonal work that makes it possible.
Watch on YouTube – available on the jedi4ever channel
This summary was generated using AI based on the auto-generated transcript.