What is DevSecOps?

Philosophy
Integrate security into all stages of the DevOps workflow

Shift left
Address security earlier in the development lifecycle

Everyone's responsibility
Security ownership shared across teams

Improved collaboration
Between dev, sec and ops teams
DevSecOps practices

Infrastructure as code
Embed security in the provisioning of resources

Policy as code
Define and enforce security policies programmatically

Security testing
Inject tests of security controls into the CI/CD pipeline

Monitoring and logging
Visibility into the production environment

Security automation
Streamline security processes

Security scanning
Static (SAST) and dynamic (DAST) analysis to uncover vulnerabilities early
Benefits of DevSecOps

Reduce security risks
Address vulnerabilities earlier

Collaboration
Break down silos between dev, sec and ops

Meet compliance
Address regulatory requirements more efficiently

Improve resilience
Recover quickly from security incidents

Speed
Automated security processes don't slow down delivery
Challenges with DevSecOps

Cultural
Changes to workflows and integrating teams

New tools
Integrating and learning new security technologies

Adding security expertise
Upskilling developers on secure coding

Compliance
Balancing governance with speed of delivery