I have only recently begun to learn about DevSecOps, and have been in highly regulated industries such as financial services. Your article definitely makes sense - the transparency and immutability of DevSecOps processes seem to be perfect environments for auditing ease. I’ve often felt for auditors I’ve worked with in the past because of the complexity and non-transparency of so many of the processes in application development and systems support. Like agile frameworks, I agree a corporate mindset is necessary to be successful with this method of baking security into everything done in the product and systems lifecycles.
Thank you - do you have a direct link to your other articles? I think I would benefit from reading them, but the link at the end of this article titled “more articles by Ryan” opened to a general list and I didn’t see any authored by you.