DevSecOps: Why, Benefits and Culture Shift

Why DevSecOps?

The first factor is Speed - the rate at which code is pushed to repos and released into production. Continuously Integrate the code. Fast feedback loop

The second factor is Scale - the applications being developed must scale to the demands of the customers

The third factor is Safe - Adoption of security through the entire SDLC

The fourth factor is Simple - Must always strive for simple and efficient ways. Standardisation of tools

The fifth factor is Stewardship - Lesser hand-offs between teams and/or members

Business Benefits

1 - Early identification of security / operational risks

2 - Faster time to market

3 - Faster feedback loop

4 - Lower the cost of change/delivery

5 - Evidence of compliance

Principles On How We Can Build A DevSecOps Culture?

1 - Short and frequent development cycles

2 - Incorporate and automate security as much as possible from the very beginning

3 - Leverage technologies that help agility

4 - Wider collaboration with all the teams (InfoSec and all the teams)

5 - Frequent communication

6 - Lesser hand-offs

7 - Influence in the culture shift within wider Xero (inputs on how we can improve the DevSecOps maturity)

8 - Practice what you preach (Transformation through delivery)