Thanks for having our host on the show Gerald! You are a good interviewer :)

Your video is not explaining the role of a DevSecOps Engineer "FULLY." I am a DevSecOps Engineer and the role of a "DevSecOps Engineer" is much, much more than just building and maintaining CI/CD pipelines for deploying an application into Production with additional security checks. This is a major misconception people have with the term DevOps and DevSecOps as a cultural methodology vs what an actual DevOps or DevSecOps Engineer actually does. We do everything a DevOps Engineer does (the role of a Cloud Engineer and the role of a Systems Administrator, utilizing Infrastructure as Code/automation), but we also automate, manage, and maintain the security tools in addition (firewalls, IDS, IPS, etc) to meet compliance set fourth by RMF. In short a DevSecOps Engineer (at least at my organization) does DevOps (again which is not strictly CI/CD

I have a strong security architecture not devops. The learning curve was steep but possible. SANS Sec540 training helped glue everything together.

Thanks for having me on to talk about DevSecOps Gerald! :)

Thanks for the great video! I agree about automating SAST and the mountain of false positives it can create being a massive headache. I am currently working as a DevSecOps Engineer. I would really like to hear about Ashish's journey from DevSecOps to CISO. That is my long term career goal, but I struggle with what to do next to make sure I am moving in that direction.

Is DevSecOps considered a track within Cybersecurity? I’m currently an ISSO and work with the RMF (GRC) and would like to pursue this track in the cleared space. DevSecOps is huge and new with the DoD and all the software factories standing up.

Keep on bring the knowledge Gerry!

This was such a good, informative interview. I learned so much and I am looking at learning some DevSecOps soon!

But once the dev ops pipeline is established after that does this DevSecOps engineer would do. What is mean if we we have team of 3 to 4 people they would have not much to do after the pipeline establishment

That was excellent. I had been wondering exactly what devsecops meant. A good goal to focus towards

Great as usually, thank you :D

great video..i am currently into SOC in India.only problem for me are rotating shifts every week which is not suitable for my health..can you suggest roles after SOC that does not require shift work..any videos..btw great video

Timestamps 0:00 Preview 1:26 What is the DevSecOps Engineer job? 7:07 What skills are needed to do the job? 12:13 What is/are the PROS of the job? 13:57 What is/are the CONS of the job? 17:12 Best way to get these skills?