To be successful stewards of security in a DevOps pipeline, Infosec needs to break the false narrative that developers don't care about security. Developers just need to be enabled to address security seamlessly as part of their jobs.
Stop painting security as something that runs counter to the business. Rather, demonstrate security in harmony with business needs so developers aren't made to feel like they have to choose one or the other. Consider the business needs and tailor your approach to the business model (which may change from group to group or even application to application).
Structure your security programs with consistency but also with room for nuance.