Adam Muntner: The Myth of Devops as a Catalyst to Improve Security
Did an interview with George Hulme about Devops and Security.
http://devops.com/2015/07/16/the-myth-of-devops-as-a-catalyst-to-improve-security/
Muntner: Thinking security testing through and automating as much as possible will yield results, but that can happen with or without devops. I’m not saying devops is invalid, rather that it alone is not responsible for good outcomes. Thinking that an approach delivers more than it really does is only a false sense of security, arguably worse than awareness of insufficient security.
Secure systems and software development practices like command-safe APIs, network-layer features in TLS, HTTP layer features like CSP, improvements in application and protocol layer firewalls, developers learning to do proper encoding for the appropriate output context, automated testing with tools like OWASP ZAP or commercial equivalents as appropriate for the type of application are all high-impact but have nothing to do with devops.
DevOps.com: Security should be part of the flow, an integral
https://adammuntner.wordpress.com/2015/07/16/the-myth-of-devops-as-a-catalyst-to-improve-security/