DevSecOps - Explain it like I’m 5

Explaining observability and DevOps to a non-technical audience is challenging (think of a typical cocktail party). It's likely that nobody is familiar with basic tenets like microservices or metrics/logs/traces, so over the years I have come up with my own analogies to explain these concepts, and they seem to resonate. Now we're starting to discuss the next iteration, DevSecOps, which requires some new thinking.

First, DevSecOps is a practice, not a product. Vendor-based tooling will support it, but it is a process: teamwork for building safe and secure software. Imagine you're constructing a building. DevSecOps is like having architects (developers), structural engineers (security), and construction workers (operations) working together from the start.

Collaboration, Automation, and Shared Responsibility Make the Dream Work!

Collaboration: In the past, developers, security and operations teams worked separately. Developers designed and wrote the code, then security checked it for vulnerabilities, and finally operations deployed and ran it. DevSecOps changes this by having all three teams collaborate from the earliest design phases to make sure the building (or software) is safe and secure and functions well. With security and operations expertise "in the room" during development, inherent security risks and operational pitfalls are identified early and avoided.

Automation: In a DevSecOps practice, code checking is automated to proactively identify security issues before deployment. Instead of waiting until the building is complete to fix problems, DevSecOps keeps an eye on everything as it's being built. If there's a problem, it gets identified and fixed right away, like fixing a blind corner before anybody bumps heads.

Shared Responsibility: Instead of just one group being responsible for safety, everyone takes part. Developers, security, and operations folks all play a role in making sure the building is secure, just like everyone in DevSecOps is responsible for creating secure software.

In simple terms, DevSecOps is about working together, using machines to check for problems, fixing things as you go, and making sure everyone is responsible for safety. It's a smarter and safer way to build software!

In less simple terms, check out Splunk's POV on DevSecOps here.

Jesse Kaufman

Regional Sales Manager @ Splunk | Team Lead

1 year

Great post, Neil. Thanks!
