Peer-Driven Insights

Secure Code & Automation (DevSecOps)

Active Ambassadors in This Topic

Chris Oehlerking

Chris Oehlerking

Honeywell

Manufacturing, 1k - 5k

United States
Kevin Tambascio

Kevin Tambascio

Cleveland Clinic

Healthcare and Biotech, 10k+

United States
Sriram Lakshmanan

Sriram Lakshmanan

Genpact

, 10k+

India
View All Community Ambassadors

Community Posts

What interview questions should you ask when hiring a DevSecOps engineer?

Read More Comments

How do you encourage your software staff to follow security best practices? Have you ever had problems with developers who aren’t following formal security processes after they’re in place?

Does anyone have experience or feedback regarding use of Wazuh as a SIEM, specifically for a small (~50 person) company and with all infrastructure in the public cloud?

Read More Comments

When it comes to internal development, how often do security team members attend kickoff meetings for new software projects?

Always23%

Often47%

Sometimes18%

Rarely10%

Never1%

View Results

How are you keeping DevOps and security teams aligned when it comes to securing microservices and serverless architectures?

Read More Comments

How do you encourage your software team to work collaboratively on security — both within the team and with other departments?

Have you added any GenAI tools to your DevSecOps pipeline, or are you still worried about introducing security problems?

Read More Comments

Do you have an AI application security program?

Yes36%

We’re currently considering it50%

We’re currently developing one7%

No6%

View Results

How are you improving API security testing?

Read More Comments

Has anyone started exploring the incorporation of AI tools and training into their developer communities, particularly in the government space where we tend to be more risk-averse? I’m interested in hearing about the strategies you're using to evaluate these tools and how you distinguish between those offering real value and those that might be overhyped. While tools that simplify code reviews, generate test cases, and ensure automated test coverage are top of mind, I recognize there may be other valuable AI applications. I’d love to hear how others are navigating this space, especially in areas where risk management is a key consideration.

Read More Comments

If there’s only enough budget to send a few devs to one AppSec conference for the year, which one would you go with? Which conference would likely be most valuable to level up DevSecOps at your org?

Read More Comments

Does your org incorporate input from development teams before deciding which AppSec tool to purchase?

Yes, always33%

Sometimes58%

No8%

Unsure

View Results

Have you found success using NIST’s secure software development framework (SSDF)? Would you recommend it to a colleague as an effective way to mitigate risk during development?

Any tips on ingraining the fundamentals of secure software development in your company culture? How have you secured support and ensured best practices permeate through every level of your org?

Read More Comments

Have you done cross training programs to train developers on cybersecurity skills? What should orgs keep in mind when attempting to start these sorts of initiatives?

Do you think the backdoor in xz Utils is a sign of things to come? Are you expecting software supply chain attacks on open source to increase even further this year?