Why A DevOps Champion Might Look Like a Security Hero


Publish Date

Feb 17, 2021



Tagged with

  • Application Security
  • DevOps
  • Digital Transformation
  • AppSec
  • Security Champions
  • DevOps Champion

In general, people value results. They value things they can see and use. And they especially value things that make their daily work easier. This is why the DevOps process was created in the first place. DevOps is all about collaboration and getting quality applications out the door quickly; it’s about doing things precisely because they produce certain positive results. But there’s one place where DevOps teams aren’t seeing the outcomes they need, one area where more benefits and less work would be a welcome change. Security.

How can developers find results and benefits in the realm of security?

Where the Results Live

As we know, many organizations have created successful Security Champions Programs to empower their people and find better ways to unite security and DevOps. And they are enjoying some excellent results. This is obviously a great start, but it really only addresses half of the problem. What about a DevOps Champion? What could this new breed of superhero do for security?

Just as AppSec needs Security Champions to “speak the language” of developers, DevOps needs translators who can liaise with the security branch and communicate information about complex details like tool integration, daily workflows and realistic deadlines. DevOps by nature is a high-velocity process, where new technologies are always being leveraged in the name of better software. It makes sense for security teams to advocate for developers by providing the information and solutions they need to keep their valuable applications protected. But to really make the partnership work, Security Champions need a counterpart who lives within AppSec teams as well.

Capes Come in Different Colors

Security Champions Programs within DevOps teams first came about because developers are typically not security experts, and they need advocates who understand their pain points. As such, these champions are DevOps pros who recognize the criticality of security within software excellence. A “DevOps Champion” within the security branch would do much of the same by communicating key issues around their unique concerns and workflows. Keeping security teams in the loop on what’s going on in DevOps opens up dialogue and empowers both teams to speak the same language, not just the one they know best.

Even though this type of partnership is still evolving, establishing close alignment between security and development, each with its own “Champion,” is a sure path to success. In this way, DevOps and Security Champions are a bit like tribal Chieftains, who meet to share the concerns of their respective people. And once they have communicated their own needs and listened to the other side, each Champion returns to their respective people (and the larger organization) with new security insights, solutions and best practices.

A Changing Game

DevOps Champions for security have the potential to change the game, as they instill a sense of shared responsibility and communicate the need for ongoing collaboration with security. Developer expertise in security not only makes the business stronger and more competitive, but it also ensures the overall excellence of today’s software doesn’t suffer from something as simple as a communication breakdown.

For more information on how your organization can empower heroes to unite security and DevOps for the good of software, download our Security Champions survey or contact us at ZeroNorth.
