#IMOS21: The Critical Role of Culture in DevSecOps

The approach organizations should take to develop and maintain an effective DevSecOps culture was highlighted by Patrick Debois, director of market strategy at Snyk, during a session at the Infosecurity Magazine Online Summit EMEA 2021.

Debois first emphasized the importance of an organization’s culture in determining the DevSecOps strategy that should be employed. “The CEO and culture of your company will set the tone on the areas upon which your DevSecOps transformation will address,” he commented. Depending on the context, this may involve a greater focus on automation, metrics, empowerment or command and control.

He then outlined the different ‘topologies’ available, which relate to the nature of the relationship between dev and ops teams, with varying degrees of closeness. The type that will work best in a given organization is dependent on the culture that has been developed, he said. These can manifest in five ways:

Dev and ops collaboration
Fully shared ops responsibilities
DevOps with expiry date
DevOps Evangelist
Container-driven collaboration

Debois went on to describe three team interaction modes that need to be considered:

Collaboration: the day-to-day human collaboration
X-as-a-service: the self-servicing automation that a developer can use
Facilitating: a facilitation by the teams to help guide the collaboration

He added: “If you’re constructing how your teams overlap, you also have to look at how they will collaborate.”

Ultimately, in the view of Debois, building and gaining trust between the respective teams is what is most essential. He highlighted four key facets related to this:


Debois noted that competence is not enough on its own. “That’s why I see DevSecO ..