Cloud Wars
  • Home
  • Top 10
  • CW Minute
  • CW Podcast
  • Categories
    • AI and Copilots
    • Innovation & Leadership
    • Cybersecurity
    • Data
  • Member Resources
    • Cloud Wars AI Agent
    • Digital Summits
    • Guidebooks
    • Reports
  • About Us
    • Our Story
    • Tech Analysts
    • Marketing Services
  • Summit NA
  • Dynamics Communities
  • Ask Copilot
Twitter Instagram
  • Summit NA
  • Dynamics Communities
  • AI Copilot Summit NA
  • Ask Cloud Wars
Twitter LinkedIn
Cloud Wars
  • Home
  • Top 10
  • CW Minute
  • CW Podcast
  • Categories
    • AI and CopilotsWelcome to the Acceleration Economy AI Index, a weekly segment where we cover the most important recent news in AI innovation, funding, and solutions in under 10 minutes. Our goal is to get you up to speed – the same speed AI innovation is taking place nowadays – and prepare you for that upcoming customer call, board meeting, or conversation with your colleague.
    • Innovation & Leadership
    • CybersecurityThe practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
    • Data
  • Member Resources
    • Cloud Wars AI Agent
    • Digital Summits
    • Guidebooks
    • Reports
  • About Us
    • Our Story
    • Tech Analysts
    • Marketing Services
    • Login / Register
Cloud Wars
    • Login / Register
Home » How to Effectively Communicate the Value of a DevSecOps Strategy Shift
Cybersecurity

How to Effectively Communicate the Value of a DevSecOps Strategy Shift

Robert WoodBy Robert WoodNovember 16, 2022Updated:December 1, 20224 Mins Read
Facebook Twitter LinkedIn Email
devsecops strategy
Share
Facebook Twitter LinkedIn Email
Acceleration Economy Cybersecurity

One of cybersecurity leadership’s most important jobs is effective communication, but the security industry has a funny history around the way it communicates priorities, desires, and intentions. We tend to “tell and demand” instead of ask, and we also tend to use FUD (fear, uncertainty, and doubt) instead of data. A lot of people outside of the field that I’ve spoken to about this type of communication have referred to it broadly as “just because” reasoning. “Just because” reasoning doesn’t build trust.

Effective communication can create the conditions necessary for an organization to truly change. It can help to create an experimental, exploratory mindset, as well as sway prioritization decisions at both tactical and strategic levels.

This article will go into some specific ideas on how a security leader can effectively communicate the importance of a DevSecOps strategy shift inside, and then outside, their team.

Communicating Within the Security Team

The move to invest heavily in automation and to change the way that security engagement happens can be disruptive to an organization’s status quo. There are many unknowns such as new tools; whether existing tools and processes might need to go away; and so on. Fear of disruptive change and automation is present in many facets of technology, but that doesn’t mean we should avoid it.

In my leadership capacity, I have found the ambidextrous organization model quite helpful to explain and drive toward change. The basic idea is that you acknowledge the many things you do today that deliver value and name them. These activities are referred to as “extract” activities. We know that we can’t do the same thing we do today in five years and that something must change, but we might not know what that is yet. So, to find out what will work in our context, we allocate resources to “explore” new ways of working and new ways of adding and capturing value. An explore activity might move over to an extract activity as it matures and confidence in it builds, at which point the cycle continues to loop. Employed thus, the ambidextrous model minimizes the typical concerns that come with change.

The big thing for me is: Don’t leave people behind. Bring your existing team along in this change so that they learn new skills at the same time as these forward-leaning DevSecOps patterns are contextualized with all their rich background and context.

Communicating Beyond the Security Team

External teams are in some ways easier to communicate with along these lines. Engineering and product teams may be the ones pushing security to come along due to their existing preferences for building and managing software. However, other teams, such as legal and sales, may be more hesitant to get behind a significant change in operating practices. To them, this may represent unnecessary risk or distractions. While these are just examples, any external stakeholder could fall into a place of not being aligned with or supportive of this strategic shift.

To achieve alignment, focus on truly understanding the value proposition that this shift will provide and when you understand it, how you want to articulate that. This is best done in contrast to your understanding of the pain points that a particular stakeholder may experience. For example, engineering teams may face friction in their build and development process that they wish to alleviate. Legal teams may be concerned with the risk of moving too quickly without “proper security checks on each change.” Sales teams might be frustrated currently with their inability to address certain customers’ inquiries about security posture.

Whatever the pain point(s) may be, you need to understand them, empathize with them, and talk about the value proposition in contrast to that pain point. I have also found that taking an explicit step in inviting specific stakeholders into the process to provide feedback, be an advisor, or play some other part in ownership of the strategic shift can do wonders in the journey toward alignment.

Concluding Thoughts

In my experience, one of the biggest transformations that occurs within a security team here is around culture. Not tools, not process, but culture. Acting things out, modeling “the way,” and truly leaning into an agile development-oriented mindset are fantastic methods to help organic culture change take root. As that happens, less convincing is necessary and, in some ways, the hard parts take care of themselves. Communication then becomes a function of strategic direction setting and shaping as opposed to disrupting.

CLICK HERE TO JOIN THE CONVERSATION ON LINKEDIN

Want more cybersecurity insights? Visit the Cybersecurity channel:

Acceleration Economy Cybersecurity

automation communications Cybersecurity devsecops engineering featured sales security security teams software development Strategy
Share. Facebook Twitter LinkedIn Email
Robert Wood

Robert Wood is an Acceleration Economy Analyst focusing on Cybersecurity. He has led the development of multiple cybersecurity programs from the ground up at startups across the healthcare, cyber security, and digital marketing industries. Between experience with startups and application security consulting he has both leadership and hands on experience across technical domains such as the cloud, containers, DevSecOps, quantitative risk assessments, and more. Robert has a deep interest in the soft skills side of cybersecurity leadership, workforce development, communication and budget and strategy alignment. He is currently a Federal Civilian for an Executive Branch Agency and his views are his own, not representing that of the U.S. Government or any agency.

Related Posts

IBM Power11 Supercharges AI Workloads Across Hybrid Cloud Environments

July 30, 2025

AI Is Reshaping Consulting | Tinder on Customers

July 30, 2025

Microsoft Invests in Skilling, Policies, and Partnerships to Scale AI Outcomes

July 30, 2025

Tech Giants Siemens and SAP Urge Pro-Innovation AI Regulations in Europe

July 30, 2025
Add A Comment

Comments are closed.

Recent Posts
  • IBM Power11 Supercharges AI Workloads Across Hybrid Cloud Environments
  • AI Is Reshaping Consulting | Tinder on Customers
  • Microsoft Invests in Skilling, Policies, and Partnerships to Scale AI Outcomes
  • Tech Giants Siemens and SAP Urge Pro-Innovation AI Regulations in Europe
  • Bill McDermott on ServiceNow Q2 Blowout: ‘AI Unlike Anything in Human History’

  • Ask Cloud Wars AI Agent
  • Tech Guidebooks
  • Industry Reports
  • Newsletters

Join Today

Most Popular Guidebooks and Reports

SAP Business Network: A B2B Trading Partner Platform for Resilient Supply Chains

July 10, 2025

Using Agents and Copilots In M365 Modern Work

March 11, 2025

AI Data Readiness and Modernization: Tech and Organizational Strategies to Optimize Data For AI Use Cases

February 21, 2025

Special Report: Cloud Wars 2025 CEO Outlook

February 12, 2025

Advertisement
Cloud Wars
Twitter LinkedIn
  • Home
  • About Us
  • Privacy Policy
  • Get In Touch
  • Marketing Services
  • Do not sell my information
© 2025 Cloud Wars.

Type above and press Enter to search. Press Esc to cancel.

  • Login
Forgot Password?
Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.
body::-webkit-scrollbar { width: 7px; } body::-webkit-scrollbar-track { border-radius: 10px; background: #f0f0f0; } body::-webkit-scrollbar-thumb { border-radius: 50px; background: #dfdbdb }