Ali Yazdani

DevSecOps culture

Stop thinking about security tools. DevSecOps is a cultural transformation, not a technology problem.

DevSecOps culture
#1about 2 minutes

The evolution from traditional security to DevSecOps

Traditional security testing at the end of the pipeline creates friction and downtime, leading to the rise of DevSecOps to integrate security with development and operations.

#2about 2 minutes

DevSecOps is a culture, not just a set of tools

Implementing DevSecOps successfully requires focusing on its three core pillars—people, process and tools, and governance—rather than just adopting new technologies.

#3about 3 minutes

The people pillar and establishing shared responsibility

Breaking down traditional silos between development, security, and operations is crucial for creating a shared responsibility model where everyone contributes to security.

#4about 2 minutes

The technology pillar and automating security tests

Technology enables DevSecOps by automating repeatable security tests like secret scanning, SAST, and software composition analysis within the CI/CD pipeline.

#5about 2 minutes

The governance pillar for tracking progress and compliance

Governance provides structure through policy as code and visualization, helping teams track security posture, manage expectations, and ensure compliance.

#6about 2 minutes

Overcoming common DevSecOps implementation challenges

Successfully implementing DevSecOps involves navigating cultural resistance, ensuring seamless tool integration, and meeting complex compliance requirements like ISO 27001 and SOC 2.

#7about 2 minutes

Reducing costs by shifting security left

Shifting security practices earlier in the development lifecycle, such as with pre-commit hooks, significantly reduces the cost and effort required to find and fix vulnerabilities.

#8about 1 minute

Communication is key to a successful DevSecOps journey

Clear and consistent communication with developers about the purpose and implementation of security measures is the most critical factor in reducing friction and ensuring adoption.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

The cultural shift from DevOps to DevSecOps
00:17 MIN

The cultural shift from DevOps to DevSecOps

You can’t hack what you can’t see

Integrating security into the DevOps lifecycle with DevSecOps
08:53 MIN

Integrating security into the DevOps lifecycle with DevSecOps

DevSecOps: Injecting Security into Mobile CI/CD Pipelines

Exploring the core principles of DevSecOps
06:10 MIN

Exploring the core principles of DevSecOps

DevSecOps: Security in DevOps

DevOps as an outcome of a healthy engineering culture
15:09 MIN

DevOps as an outcome of a healthy engineering culture

DevOps at Netflix

Key lessons learned from implementing DevSecOps
28:42 MIN

Key lessons learned from implementing DevSecOps

DevSecOps: Injecting Security into Mobile CI/CD Pipelines

Q&A: Scaling DevOps across functions and cultures
28:18 MIN

Q&A: Scaling DevOps across functions and cultures

Shifting Stress to Progress— Understanding DevOps to do DevOps Better

Key takeaways for building a security culture
22:11 MIN

Key takeaways for building a security culture

Organizational Change Through The Power Of Why - DevSecOps Enablement

Establishing a holistic definition of DevOps
07:19 MIN

Establishing a holistic definition of DevOps

DevOps Maturity Check – a way to balance autonomy and alignment

Featured Partners

Related Videos

See all videos
DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Demystifying DevOps—Pros, cons, dos & don'ts51:13

Demystifying DevOps—Pros, cons, dos & don'ts

Thomas Fuchs, Waleed Arshad & Frank Dornberger & Idir Ouhab Meskine:

Organizational Change Through The Power Of Why - DevSecOps Enablement26:50

Organizational Change Through The Power Of Why - DevSecOps Enablement

Nazneen Rupawalla

3 Key Steps for Optimizing DevOps Workflows24:31

3 Key Steps for Optimizing DevOps Workflows

Daniel Tao

Simple Steps to Kill DevSec without Giving Up on Security21:53

Simple Steps to Kill DevSec without Giving Up on Security

Isaac Evans

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together23:34

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Stefania Chaplin

The journey from developer to devops - what i've learnt along the way42:44

The journey from developer to devops - what i've learnt along the way

Liam Hurrel & Alireza Chegini

Real-world Threat Modeling21:54

Real-world Threat Modeling

Ali Yazdani

From learning to earning

Jobs that call for the skills explored in this talk.

Dev Ops / Infra

Dev Ops / Infra

Roots Energy GmbH
Vienna, Austria

Senior
Python
Docker
Terraform
IT Security
Continuous Integration
DevOps Engineer

DevOps Engineer

Tech Solutions Gmbh

Azure
DevOps
Docker
Jenkins
Kubernetes
+2