Alex Tech Topics — Issue #2

Demystifying DevSecOps & Value Stream Mapping

Alexandre Couëdelo
3 min readOct 28, 2022

--

DevSecOps is a term that has been around for a few years now, but what does it actually mean? The concept is simple adding Security to the DevOps methodology. But in practice, DevSecOps is more complicated to implement than it may seem; the concept is still immature and requires refinement to become a solid framework.

Value Stream Mapping is a process that helps organisations identify and eliminate waste in their workflow. It does this by visually representing the flow of work and information as they move through the organisation. This allows organisations to see where inefficiencies are occurring and make changes that will improve the flow of work.

DevSecOps and Value Stream Mapping can be extremely beneficial to businesses. The main challenge is often getting everyone on board with the new way of working. A good understanding of both concepts should make the adoption easier.

In this article, you will find a sort introduction to each concept and relevant links to deepend your knowledge.

DevSecOps

DevSecOps TL;DR

• DevSecOps is the concept of embedding security into DevOps in order to ‘shift security left’ and align it with CI/CD pipelines and the SDLC.

• There is no single switch or tool that will take you from DevOps to DevSecOps — it requires a culture shift and buy-in from everyone involved.

• Security automation is key to success but must be actioned efficiently in order to avoid further delays.

• Creating security champions and involving teams in integrating security practices are both effective ways to upskill your team.

--

--

Alexandre Couëdelo

Software Supply Chain and Automation Specialist (aka. DevOps).