Please rotate your tablet to be horizontal.

You can dismiss this notice but please note that this experience has not been designed for mobile devices and so will be less than optimal

Back To Schedule

DevSecOps – by any other name

15:10 - 15:30 Thursday 7th April 2022 BST
Add to Google Calendar

New software development approaches continue to be promoted. You may be aware of waterfall, RUP, 4GLs, 3-tier client server - all still alive and kicking in some domains. You will be familiar with some (or all) of Agile, Kanban, DevOps, SAFe, No Code/Low Code and many others.

A new kid on the block is DevSecOps. What does that mean? Where did it come from? Why is it important? If we adopted the tenets of DevSecOps without calling it DevSecOps would it “smell just as sweet”? What would it “smell” like if we spun up a DevSecOps team, without understanding the fundamental challenges that DevSecOps was intended to overcome?

In this session I’ll explore the origins of DevSecOps before going on to demonstrate the distance between the label and the intent of DevSecOps. Finally I’ll try to generalise the journey from “good idea” to “empty slogan” that seems to underpin many of the hyped transformations that I’ve lived through during my 40 year career in software.

Seb Rose

Seb has been a consultant, coach, designer, analyst and developer for over 40 years. He has been involved in the full development lifecycle with experience that ranges from architecture to support, from BASIC to Ruby.

During his career, he has worked for companies large (e.g. IBM, Amazon) and small, and has extensive experience of failed projects. He's now Continuous Improvement Lead with SmartBear, helping apply the lessons he has learned to internal development practices and product roadmaps.

He's a regular speaker at conferences, a contributing author to 97 Things Every Programmer Should Know (O'Reilly) and the lead author of The Cucumber for Java Book (Pragmatic Programmers).

He blogs at and tweets as @sebrose