In order to succeed in bringing security to DevOps, every stakeholder in the pipeline needs to feel enabled to execute security practices. Sure this means training and tooling are necessary, but so is credible accountability. Those executing security practices need to feel supported when mistakes are made, vulnerabilities are identified, or remediations fail. Shaming or basing performance appraisal on security performance will only lead to half-hearted execution and attempts to bypass security controls. Make sure your approach is co-operative and focused on realistic goals for continuous improvement, not perfection.
Feel free to add your thoughts & comments.