Tanya Janca

Tanya Janca

Author

Published Date: July 6, 2022

Estimated Read Time: 3 minutes

Security is Everybody’s Job — Part 3 — What IS DevOps?

What IS DevOps?

There are many definitions of DevOps, too many, some might say. Some people say it’s “People, Processes, and Products”, and that sounds great, but I don’t know what I’m supposed to do with that. When I did waterfall I also had people, processes, and products, and that was not great. I thought DevOps was supposed to be a huge improvement?

I’ve heard other people say that it’s paying one person to do two jobs (Dev and Ops), which can’t be right… Can it? I’ve also been told once by a CEO that their product was “made out of DevOps”, as though it was a substance. I decided not to work there, but that’s another story. Let’s look at some better sources.

Wikipedia says:

DevOps is a set of practices that combines software development and information-technology operations which aims to shorten the systems development life cycle and provide continuous delivery with high software quality.

But what are the practices? Why are we aiming to shorten the SDLC? Are we making smaller software? What is ‘continuous delivery’?

To get to the bottom of it I decided to read The DevOps Handbook. 
Then I knew what DevOps was, and I knew how to do it. As an added bonus, I 
discovered that I LOVED DevOps.

According to the DevOps Handbook, DevOps has three goals.

Improved deployment frequency; Shortened lead time between fixes;

Awesome! This means if a security bug is found it can be fixed extremely quickly. I like this.

Lower failure rate of new releases and faster recovery time;

Meaning better availability, which is a key security concern with any application (CIA). Lower failures mean things are available more often (the ‘A’ in CIA), and that’s definitely in the security wheelhouse. So far, so good.

Faster time to market; meaning the business gets what they want.

Sometimes we forget that the entire purpose of every security team is to enable the business to get the job done securely. And if we are doing DevSecOps, getting them products that are more secure, faster, is a win for everyone. Again, a big checkmark for security.

Great! Now I think the DevOps people want the same things that I, as a security person, want. Excellent! Now: How do I *DO* DevOps?

That is where The Three Ways of DevOps comes in.

  1. Emphasize the efficiency of the entire system, not just one part.
  2. Fast feedback loops.
  3. Continuous learning, risk-taking and experimentation (failing fast)

In the next post we will talk more in detail about The 3 Ways (and how security fits in perfectly).

Stop testing.

Start Assuring.

Join the world’s leading companies securing the next big cyber frontier with Bright STAR.

Our clients:

More

Security Testing

AppSec Tools That Help Reduce Audit Time

Most teams don’t fail audits because they lack security tools. They fail because they can’t prove what those tools actually...
Tanya Janca
April 29, 2026
Read More
Security Testing

DAST Tools for ISO 27001 & Enterprise Compliance

Most teams don’t fail ISO 27001 audits because they lack DAST tools. They fail because they can’t prove what those...
Tanya Janca
April 28, 2026
Read More
Security Testing

Security Testing Tools for SOC 2 Compliance

Most organizations approach SOC 2 compliance with a simple assumption: If we have enough security tools, we should be covered....
Tanya Janca
April 25, 2026
Read More
Security Testing

API Security Tools for Financial Services & SaaS Companies

If you step back and look at modern financial platforms or SaaS products, one thing becomes obvious very quickly:
Tanya Janca
April 24, 2026
Read More

Platform

Resources

Company

Partners

Get our newsletter

Checkboxes

Bright All rights reserved © Bright Security 2026
Terms of service Privacy policy Cookies policy