Why DevSecOps is an Auditor's Best Friend


I have a new blog post on my company’s site about DevSecOps. I am curious to hear if there is any feedback on this one - warning, it is a longer format than any of my personal writing:


Hi Ryan,

I have only recently begun to learn about DevSecOps, and have been in highly regulated industries such as financial services. Your article definitely makes sense - the transparency and immutability of DevSecOps processes seem to be perfect environments for auditing ease. I’ve often felt for auditors I’ve worked with in the past because of the complexity and non-transparency of so many of the processes in application development and systems support. Like agile frameworks, I agree a corporate mindset is necessary to be successful with this method of baking security into everything done in the product and systems lifecycles.

Thank you - Do you have a direct link to your other articles? I think I would benefit from reading them but the link at the end of this article titled “more articles by Ryan” opened to a general list and I didn’t see any authored by you.


Thanks Pascal. I will get with the marketing team, but I have only written 2 articles so far for Contino. Here is a talk I recently gave on the DevOps framework for the enterprise. It speaks some to security, but is much more geared towards how to adopt DevOps and the engineering culture in large regulated enterprises:



The term DevSecOps just showed up in an internal document about our agile approach. Guess I need to learn. What’s your hourly rate again @ryan? :wink:


Let those folks implement it, then when it gets all messed up call me @JayHorsecow :slight_smile: