
DevSecOps Explored with Industry Experts - Patrick Debois - Atlassian Livestream 2022


In this livestream with Susie Prince at Atlassian, we traced the arc from DevOps in 2009 to DevSecOps in 2022. The pattern I keep observing is that every new buzzword in our industry – DevOps, DevSecOps, platform engineering – highlights a pain that already existed. Nobody invents these terms in a vacuum. They emerge because practitioners are struggling with a specific silo or friction point and need a word to rally around.

DevSecOps is the natural next step because security teams occupy the exact same position that operations teams held fifteen years ago: a gate at the end of the process, perceived as a bottleneck, structurally separated from the teams whose work they need to influence. The “shift-left” mantra is only half the story though. Yes, you want security earlier in the pipeline, but “shift-right” matters just as much – runtime protection, production monitoring for security events, incident response. You need both directions, not just one.

The trust framework kept coming up in our conversation. I’ve been using four components borrowed from organizational psychology: competence, sincerity, reliability, and care. When a security team says “you must do X” and a development team resists, the breakdown is rarely technical. It’s usually about trust. Does the security team actually understand the developer’s constraints (competence)? Do they deliver consistent guidance (reliability)? Are they transparent about their reasoning (sincerity)? Do they care about the developer’s productivity, or just about risk reduction (care)?

Cultural change at the scale needed for DevSecOps requires CEO-level buy-in. You can’t grassroots your way to an organization-wide security culture if leadership doesn’t model and enforce it. The practical advice I gave was to start by stopping the bleeding. Don’t try to fix everything at once. Find the security issue that’s causing the most pain right now, fix it visibly, and use that win to build momentum. Prioritization is the skill that separates DevSecOps teams that ship from those that drown in backlogs.

Watch on YouTube — available on the jedi4ever channel

This summary was generated using AI based on the auto-generated transcript.
