Over ten years of DevOps, every movement gets reduced to its technical artifacts. Agile became Scrum and TDD. ITIL became ticket systems. DevOps became CI/CD and infrastructure-as-code. It makes me sad when I see “Agile vs DevOps” or “DevOps vs SRE” articles – the same reductive thinking repeating itself. When I moved into the serverless world with a small startup, I briefly wondered if DevOps was over – we were just consuming APIs. Then I realized the collaboration just shifted form: status pages, exposed error rates, direct Slack channels with engineers, postmortems.
Technology amplifies human forces – it does not replace them. You can absolutely do DevOps without automation. If certain things are too hard to automate, the collaboration still matters. When I joined Snyk and dove into the DevSecOps world, I found the same pattern: booths full of tools, everyone selling verification. The traditional security mindset of “trust no one” mirrors how ops used to be treated – the bastard operator from hell nobody trusted, which birthed shadow IT.
The distinction between confidence and trust is subtle but important. CI pipelines build confidence through repetition – if it passed 50 times, it will probably pass on the 51st. Trust is on a different level entirely. The ironies of automation apply: the more you automate, the less experience people have operating manually, the more you need chaos engineering to stay sharp. Pipelines themselves become legacy systems that resist change.
The Thin Book of Trust provides the model: sincerity (walking the walk), reliability (being there consistently), competence (having the knowledge), and care (genuinely giving a damn). When I interview people in the DevSecOps space, the first 50 minutes are about tools, but what they really want is to trust the other group and make security a shared responsibility. The Etsy example is instructive: they replaced a five-person approval requirement for sensitive config files with a non-blocking notification – trusting the engineer while maintaining visibility.
We generally think of others as less trustworthy than ourselves, judging ourselves by intentions and others by behavior. DevSecOps requires flipping this: how can we become more trustworthy? Be sincere, be reliable, build competence, and care about the other group’s problems. It is slow, there are no shortcuts, and tools alone will not get you there.
Watch on YouTube – available on the jedi4ever channel
This summary was generated using AI based on the auto-generated transcript.