This is the first in a many-part blog series on the topic of **DevSecOps.** Throughout the series we will discuss weaving security through DevOps in effective and efficient ways. We will also discuss the ideas that security is everybody’s job, that it is everyone’s duty to perform their jobs in the most secure way they know how, and that it is the security team’s responsibility to enable everyone else in their organization to get their jobs done securely. We will define DevOps, ‘The Three Ways’, AppSec and DevSecOps. We will go deep on the many strategies for adjusting security activities to DevOps environments, while still reaching our goal of reliably creating and releasing secure software.

In summary: we will discuss how to make security a part of our daily work. It cannot be added later or after; it needs to be a part of everything.

But let’s not get ahead of ourselves; I have many more posts planned where I will attempt to sway your opinion my way.

Tanya Janca, also known as SheHacksPurple, presenting her ideas in Sydney, Australia, 2019. Artwork by the talented Ashley Willis.

The main articles in this series will be public and freely available, but the sub-articles and links may be behind the SheHacksPurple.dev paywall. If you find this series helpful, please consider supporting the author by paying the $7 subscription fee, the equivalent of a fancy latte.

Before we get too deep into anything I’d like to dispel some myths. Look at the image below. This is how some security professionals see DevOps.


Security is Everybody’s Job — Part 1 — DevSecOps