DevSecOps! Shift left! These are terms you hear on stage, read in articles, and see in the media. Embedding security in your DevOps strategy starts with a strong collaboration between the security team and the engineering teams. After all: security is the responsibility of everybody. So far so good. But what does this mean? What should you do in your organisation?
To get security right, we see at least three focus areas that need your attention as a security professional: risk appetite, security knowledge, and security culture. The recommendations for each of these focus areas will differ depending on where the organisation is in its journey. In this article we look at the focus areas for a start-up, a scale-up and an enterprise.