DevSecOps is Dead; Long Live DevOps — Shifting Common Sense to the Left

I told everyone I’ve spoken to that “What took DevOps 10 years, will only take DevSecOps 3–5 years,” and I said that in 2017. Nowadays, you’ll see companies are still stuck in the last century insisting on their differences, instead of embracing the fact that “DevSecOps is dead; long live DevOps.”

Shifting Common Sense to the Left

Now, before you jumped up and punch me in my face, let me explain. Last year, I was trying to design a DevSecOps diagram to help drive/educate its adoption. I reached out to the group CTO and said, ”… without DevOps, there’s no DevSecOps,” and he helped me created the DevSecOps Guild. In parallel, I took the DevOps diagram from Lucidchart and fitted shifting-security-to-the-left on it.

My strategy was to bring together Dev, DevOps and SecOps together, and formulate a common goal, i.e. “shorten the feedback loop from the software operators (Ops), security (Sec) to the software creators (Dev) regarding both operational requirements (uptimes, redundancies…etc…) and security (crypto strength, threat boundaries). The effort was abrupted by the current pandemic, which I blogged about CVSS Score of COVID-19 in March.

Introducing the DevSecOps Care Bear

Now back to the fight between DevSecOps and DevOps, you’ll find that it’s a moot point because you can’t possibly fight against yourself. What is needed is the change of mindset realising that Dev, Ops, and Sec are one of the same. I hear you ask, “how do I change people’s mindset?” which I’ll say, “by telling people true stories!” I told my story about my Life Interrupted — Security is A Mindset. Now, where’s yours?