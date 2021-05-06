1. Foster a DevSecOps culture and mindset

There are several definitions of DevSecOps, but the one that stands out universally is collaboration, automation, learning, measurements, and sharing (CALMS), which was coined by Jez Humble and adopted further by Synopsys’s very own Meera Rao. At its core, DevSecOps thrives on a culture and a mindset in which various cross-functional teams share a single goal of continuous software security.

To embed a culture of DevSecOps, it’s best to start with a few self-motivated and committed teams that are aligned to the goals of strategic DevSecOps initiatives. The strategic initiatives act as guiderails for these teams while they work to ingrain DevSecOps culture into day-to-day functions, balancing security, speed, and scale. Once the pilot teams adopt DevSecOps and start showing visible benefits, they become examples to other teams that could follow their footsteps.

The key to fostering a DevSecOps culture and mindset is to operate in iterations and work upward from individual project teams to the entire organization.