CI/CD, Containers, Cloud Native, Infrastructure as Code, these terms are almost ubiquitous when we talk about DevOps. But how many Infosec practitioners actually understand these technologies?
Just as it's difficult for Devs to keep up with the ever changing dynamics of various ecosystems, security struggles as well. The world of technology doesn't slow down because we need to secure it.
As security professionals, we must partner with the owners, developers, and keepers of this technology. We have to be willing to go beyond pointing out vulnerabilities and actually work with those personnel to be an active part of fixing the issues.
That's what puts the Sec in DevSECOps.