Ali Yazdani

DevSecOps culture

Stop thinking about security tools. DevSecOps is a cultural transformation, not a technology problem.

DevSecOps culture
#1about 2 minutes

The evolution from traditional security to DevSecOps

Traditional security testing at the end of the pipeline creates friction and downtime, leading to the rise of DevSecOps to integrate security with development and operations.

#2about 2 minutes

DevSecOps is a culture, not just a set of tools

Implementing DevSecOps successfully requires focusing on its three core pillars—people, process and tools, and governance—rather than just adopting new technologies.

#3about 3 minutes

The people pillar and establishing shared responsibility

Breaking down traditional silos between development, security, and operations is crucial for creating a shared responsibility model where everyone contributes to security.

#4about 2 minutes

The technology pillar and automating security tests

Technology enables DevSecOps by automating repeatable security tests like secret scanning, SAST, and software composition analysis within the CI/CD pipeline.

#5about 2 minutes

The governance pillar for tracking progress and compliance

Governance provides structure through policy as code and visualization, helping teams track security posture, manage expectations, and ensure compliance.

#6about 2 minutes

Overcoming common DevSecOps implementation challenges

Successfully implementing DevSecOps involves navigating cultural resistance, ensuring seamless tool integration, and meeting complex compliance requirements like ISO 27001 and SOC 2.

#7about 2 minutes

Reducing costs by shifting security left

Shifting security practices earlier in the development lifecycle, such as with pre-commit hooks, significantly reduces the cost and effort required to find and fix vulnerabilities.

#8about 1 minute

Communication is key to a successful DevSecOps journey

Clear and consistent communication with developers about the purpose and implementation of security measures is the most critical factor in reducing friction and ensuring adoption.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

The cultural shift from DevOps to DevSecOps
03:26 MIN

The cultural shift from DevOps to DevSecOps

You can’t hack what you can’t see

Integrating security into the DevOps lifecycle with DevSecOps
04:42 MIN

Integrating security into the DevOps lifecycle with DevSecOps

DevSecOps: Injecting Security into Mobile CI/CD Pipelines

Exploring the core principles of DevSecOps
04:55 MIN

Exploring the core principles of DevSecOps

DevSecOps: Security in DevOps

Integrating security into the DevOps lifecycle (DevSecOps)
05:52 MIN

Integrating security into the DevOps lifecycle (DevSecOps)

Demystifying DevOps—Pros, cons, dos & don'ts

Defining DevOps as a culture of collaboration
02:32 MIN

Defining DevOps as a culture of collaboration

Demystifying DevOps—Pros, cons, dos & don'ts

The modern DevSecOps approach to application security
04:29 MIN

The modern DevSecOps approach to application security

Maturity assessment for technicians or how I learned to love OWASP SAMM

The future of DevOps is system hardening and security
05:26 MIN

The future of DevOps is system hardening and security

Demystifying DevOps—Pros, cons, dos & don'ts

DevOps as an outcome of a healthy engineering culture
02:23 MIN

DevOps as an outcome of a healthy engineering culture

DevOps at Netflix

Featured Partners

Related Videos

See all videos
Organizational Change Through The Power Of Why - DevSecOps Enablement
26:50

Organizational Change Through The Power Of Why - DevSecOps Enablement

Nazneen Rupawalla

Demystifying DevOps—Pros, cons, dos & don'ts
51:13

Demystifying DevOps—Pros, cons, dos & don'ts

Thomas Fuchs, Waleed Arshad & Frank Dornberger & Idir Ouhab Meskine:

The journey from developer to devops - what i've learnt along the way
42:44

The journey from developer to devops - what i've learnt along the way

Liam Hurrel & Alireza Chegini

DevSecOps: Injecting Security into Mobile CI/CD Pipelines
45:08

DevSecOps: Injecting Security into Mobile CI/CD Pipelines

Moataz Nabil

Open Source Secure Software Supply Chain in action
32:55

Open Source Secure Software Supply Chain in action

Natale Vinto

Securing your application software supply-chain
28:27

Securing your application software supply-chain

Niels Tanis

We adopted DevOps and are Cloud-native, Now What?
34:46

We adopted DevOps and are Cloud-native, Now What?

Bruno Amaro Almeida

Why shifting left is so important for software developers
41:51

Why shifting left is so important for software developers

Jemiah Sius

Related Articles

View all articles
Andre Braun, GitLab
Now is the time for industrialized software development
Now is the time for industrialized software development Recently, I received a letter from my car’s manufacturer alerting me to a recall. They had discovered a defective part and wanted to replace it. It was easily fixed, and I might have forgotten a...
Now is the time for industrialized software development
Christina Schaireiter
Why Attend a Developer Event?
Modern software engineering moves too fast for documentation alone. Attending a world-class event is about shifting from tactical execution to strategic leadership. Skill Diversification: Break out of your specific tech stack to see how the industry...
Why Attend a Developer Event?

From learning to earning

Jobs that call for the skills explored in this talk.

DevOps Engineer

DevOps Engineer

DevSecOps, Inc.
Carson City, United States of America

Azure
DevOps
Python
Docker
Jenkins
+8
DevSecOps

DevSecOps

Schwarz Corporate Solutions
Barcelona, Spain

Senior
Bash
Azure
Linux
Kafka
DevOps
+10
DevOps Engineer

DevOps Engineer

Cgi's Secure Space Systems
Reading, United Kingdom

Linux
DevOps
Gitlab
Ansible
Jenkins
+3