There Is No SecDevOps

By Rich

Adrian is off at the altar of Buffett (the other one – not the one I wear a coconut bra for), so Mike and I delved into SecDevOps, triggered by a post from Andrew Storms over at

This is where the world is heading, folks – you might as well prepare yourselves now.



Enjoyable episode, you guys have great energy and a great chemistry.
I couldn’t agree more. People always look at me weirdly when I tell them that my goal is to make my position obsolete. It sounds strange, but it’s true. There is no need for a security function to enforce assessment, review findings or monitor patch levels. First of all, I’m lazy and I don’t want to do it forever. Secondly, it should be baked into the functions that are already there, namely DevOps. These guys know the code way better than I ever could, so let me help them do their work securely instead of being the ‘security roadblock’. Automation being the key word here; in a world of continuous integration and deployment, manual processes are no longer acceptable.
Once that is done, I can go on to newer, funner things. Win win.

By Marco Tietz
