Hacker News new | ask | show | jobs
by freehunter 2506 days ago
DevOps is mashing development and operations together. But that ignores security, often putting security reviews after the code has been deployed or at least after it's done being written, which necessitates re-work. DevSecOps makes sure security is a part of the development and operations work.

Yes it's a re-wording of an existing concept. No, it is not a new idea. Yes, it is important enough to call it out because so many companies don't let security/operations/development work together.

You're not the target audience, your CISO or CTO is.
1 comments
heavenlyblue 2506 days ago
What is the size of the company when CISO, on average - exists as part of the company?

I know Google has security teams, but what about the smallest company that has one?

link
freehunter 2506 days ago
Whether a company has someone with the title "CISO" or not matters very little to how they design security into their products. The term "DevSecOps" is designed to eliminate the need for a discreet "security" workforce.

To answer the question more directly: I've worked with 10,000+ employee companies with no CISO and I've worked with <1,000 employee companies with separate CTO, CIO, and CISO roles. At the executive level, job titles are more of suggestions than strictly defined silos. It all depends on how the company is organized and what their strategic priorities are.

link