The engineer’s mindset is to understand a problem, build a solution, and then figure out how to deploy a robust and secure implementation into production environments.
Unfortunately, it’s often more complicated and expensive to embed security best practices into a solution once it’s implemented, and the pressure to release innovations quickly often leads devops teams to release with security debt. The best devsecops practices are to “shift left” the knowledge, best practices, and security into the development process so that agile development teams are more likely to bake security directly into the microservice, application, or database.