How true is it that “security is everyone’s responsibility”? I know that in principle this is true, but in practice it is exceptionally hard for everyone to understand the context and overall risk.

I was reading yesterday about DevOps not being an easy entry point into working in IT, as there is often a large number of different and separate tools that are required. And I had a long discussion with a friend recently about how the industry has become very specialised. When I started developing/engineering, I would often know a bit about lots of things: PHP, Python, JavaScript, server admin, networking. Whereas now we almost require experts in a small sub-section of this (JavaScript to React to Next.js). But how can you understand security context if you are super-specialised in one area?

Am I misunderstanding this, or just viewing it from my own perspective and missing a larger piece of the puzzle? Have we (as an industry, and possibly myself as a DevSecOps engineer) failed at shift-left because it was always going to be too hard?