DevOps has necessarily matured into DevSecOps, but there is a significant focus disparity with the Sec element. As the ‘middle child’ Sec is often over looked and under-resourced.
DevSecOps is a holistic approach and only achieves full performance potential when all elements are working in harmony- this can only be achieved if the elements are generally in balance. Typically, attention and resources are only reactively provided to the Sec element and are withdrawn after the issue passes. There are management processes and techniques that have been proven to raise the Sec element awareness and result in long-term stable attention and resources, resulting in the Sec element being able to make greater and broader impacts, and in improved overall DevSecOps team efficiency. Understand the difference between DevOps and DevSecOps, how best to manage the pivot from DevOps to DevSecOps, and the lessons learned/best practices in maturing your DevSecOps organization.
PMI Talent Triangle: Technical Project Management (Ways of Working)