When I first heard the term DevSecOps a few years ago, I thought it was a bit of a silly term, bandwagon jumping by security vendors trying to bring their tools into the DevOps conversation.  

However, having delivered more DevOps transformation work with large regulated enterprises, we’ve seen how security can be a real drag on software delivery and transformation ambitions.  

In some cases, true adoption of DevOps is held back because organisations are worried about introducing security or compliance risk.  They feel that they need to maintain separate operations teams, security checks and change control processes to minimise risk. 

In other instances, teams we work with have adopted continuous delivery pipelines but need long manual security reviews at the end of the process which kind of negate the point of all of that automation.   

From a cloud perspective, security is obviously at the heart of that conversation, so we need to show how we can build security and compliance in using automated techniques which are continuously verified. 

In our work, DevSecOps as a field has proven real value, and we are glad the conversation and thought leadership in the field are ongoing.

As a result of these lessons, we now take DevSecOps very seriously as a field, and look to integrate security practices into our automation work and strategy as core competencies. If security is left out of the conversation, DevOps transformation usually fails to deliver on its promise.

Today we’re pleased to release two assets to help people understand and adopt DevSecOps within their business:

Our Introduction To DevSecOps guide describes DevSecOps concepts and best practices for adoption. It describes what DevSecOps is all about, why it matters, and how it impacts your people, your delivery processes, your applications and infrastructure.

Our DevSecOps Assessment & Strategy Accelerator is a productised consultancy offering which we are bringing to the market. Using the same methodology as our successful DevOps Maturity assessment, the DevSecOps assessment is a short piece of strategy work which benchmarks your current performance against best practices.


Please visit the links above for information on these two services or please get in touch if you would like to learn more about how DevSecOps can help companies innovate quickly whilst remaining secure and compliant.   

  • Benjamin Wootton

    Co-Founder and CTO

    Benjamin Wootton is the Co-Founder and CTO, EMEA of Contino. He has worked with tens of enterprise organisations on DevOps transformation and is a hands-on DevOps engineer with expertise in cloud and containers.
