Ali Yazdani

DevSecOps culture

Stop thinking about security tools. DevSecOps is a cultural transformation, not a technology problem.

DevSecOps culture
#1about 2 minutes

The evolution from traditional security to DevSecOps

Traditional security testing at the end of the pipeline creates friction and downtime, leading to the rise of DevSecOps to integrate security with development and operations.

#2about 2 minutes

DevSecOps is a culture, not just a set of tools

Implementing DevSecOps successfully requires focusing on its three core pillars—people, process and tools, and governance—rather than just adopting new technologies.

#3about 3 minutes

The people pillar and establishing shared responsibility

Breaking down traditional silos between development, security, and operations is crucial for creating a shared responsibility model where everyone contributes to security.

#4about 2 minutes

The technology pillar and automating security tests

Technology enables DevSecOps by automating repeatable security tests like secret scanning, SAST, and software composition analysis within the CI/CD pipeline.

#5about 2 minutes

The governance pillar for tracking progress and compliance

Governance provides structure through policy as code and visualization, helping teams track security posture, manage expectations, and ensure compliance.

#6about 2 minutes

Overcoming common DevSecOps implementation challenges

Successfully implementing DevSecOps involves navigating cultural resistance, ensuring seamless tool integration, and meeting complex compliance requirements like ISO 27001 and SOC 2.

#7about 2 minutes

Reducing costs by shifting security left

Shifting security practices earlier in the development lifecycle, such as with pre-commit hooks, significantly reduces the cost and effort required to find and fix vulnerabilities.

#8about 1 minute

Communication is key to a successful DevSecOps journey

Clear and consistent communication with developers about the purpose and implementation of security measures is the most critical factor in reducing friction and ensuring adoption.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

Selecting strategic partners and essential event tools
03:17 MIN

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

Using content channels to build an event community
04:49 MIN

Using content channels to build an event community

Cat Herding with Lions and Tigers - Christian Heilmann

Increasing the value of talk recordings post-event
04:57 MIN

Increasing the value of talk recordings post-event

Cat Herding with Lions and Tigers - Christian Heilmann

Breaking down silos between HR, tech, and business
03:39 MIN

Breaking down silos between HR, tech, and business

What 2025 Taught Us: A Year-End Special with Hung Lee

Why corporate AI adoption lags behind the hype
03:28 MIN

Why corporate AI adoption lags behind the hype

What 2025 Taught Us: A Year-End Special with Hung Lee

Rapid-fire thoughts on the future of work
02:44 MIN

Rapid-fire thoughts on the future of work

What 2025 Taught Us: A Year-End Special with Hung Lee

Automating formal processes risks losing informal human value
03:48 MIN

Automating formal processes risks losing informal human value

What 2025 Taught Us: A Year-End Special with Hung Lee

Featured Partners

Related Videos

See all videos
DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Demystifying DevOps—Pros, cons, dos & don'ts51:13

Demystifying DevOps—Pros, cons, dos & don'ts

Thomas Fuchs, Waleed Arshad & Frank Dornberger & Idir Ouhab Meskine:

Organizational Change Through The Power Of Why - DevSecOps Enablement26:50

Organizational Change Through The Power Of Why - DevSecOps Enablement

Nazneen Rupawalla

Simple Steps to Kill DevSec without Giving Up on Security21:53

Simple Steps to Kill DevSec without Giving Up on Security

Isaac Evans

3 Key Steps for Optimizing DevOps Workflows24:31

3 Key Steps for Optimizing DevOps Workflows

Daniel Tao

Real-world Threat Modeling21:54

Real-world Threat Modeling

Ali Yazdani

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together23:34

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Stefania Chaplin

The journey from developer to devops - what i've learnt along the way42:44

The journey from developer to devops - what i've learnt along the way

Liam Hurrel & Alireza Chegini

Related Articles

View all articles
AG
Andre Braun, GitLab
Now is the time for industrialized software development
Now is the time for industrialized software development Recently, I received a letter from my car’s manufacturer alerting me to a recall. They had discovered a defective part and wanted to replace it. It was easily fixed, and I might have forgotten a...
Now is the time for industrialized software development
DC
Daniel Cranney
Dev Digest 196: AI Killed DevOps, LLM Political Bias & AI Security
Inside last week’s Dev Digest 196 . ⚖️ Political bias in LLMs 🫣 AI written code causes 1 in 5 security breaches 🖼️ Is there a limit to alternative text on images? 📝 CodeWiki - understand code better 🟨 Long tasks in JavaScript 👻 Scare yourself into n...
Dev Digest 196: AI Killed DevOps, LLM Political Bias & AI Security

From learning to earning

Jobs that call for the skills explored in this talk.

DevOps

DevOps

UnderDefense

Remote
Bash
Azure
React
Kafka
+16
DevSecOps

DevSecOps

Robert Half
Frankfurt am Main, Germany

DevOps
Docker
Kubernetes
Agile Methodologies
Amazon Web Services (AWS)
DevSecOps Engineer

DevSecOps Engineer

Optimyze Consulting
Berlin, Germany

70-85K
Intermediate
GIT
Azure
DevOps
Gitlab
+7
DevSecOps

DevSecOps

Accenture
Municipality of Madrid, Spain

Senior
Go
API
C++
HTML
Java
+16
DevOps

DevOps

Amaris Consulting
Geneva, Switzerland

DevOps
Ansible
Terraform
Continuous Integration