The Dunning-Krueger Effect of DevSecOps

With the rapid pace of technology transformation and modernization that is taking place, it’s easy to fall into the trap of thinking just because you slapped a title on the process, it means you are doing it and doing it well. With the current move of DevOps to DevSecOps, individuals and organizations believe that they can buy their way into problem solving, when it is more of a process reengineering and knowledge management task. This is overestimating the challenge, the work required and the ability to achieve within the proposed time-frame. With new and often not well-understood frameworks and methodologies being thrown at teams to implement or migrate to, ego and self-confidence, along with a dash of “keeping up with the Joneses” can get people into a spot of trouble. My talk will cover some self-assessments for organizations and individuals about where they are at with a journey to DevSecOps, what gap analysis they need to perform, and a few patterns that can be used to approach these challenges.