Grand Social Engineering - DevSecOps and Influence
2025-04-26 , Auditorium

Successful DevSecOps transformation is much more than putting tools in pipelines and declaring "shift left". The hardest shift to pull off is nudging values towards digital safety, and in this talk I walk through the techniques and literature I use to do this at scale. We will cover theories from Organisational Change Management, Leadership and Influence, and how we can apply these social tools in the context of DevSecOps to help you make an impact.


DevSecOps is more than just technology—it’s a fundamental shift in mindset, culture, and collaboration. While many organizations focus on tools and automation, the real challenge lies in leading people through this transformation. This talk will explore the psychological and organizational change management techniques essential for driving a successful DevSecOps journey.

We’ll begin by examining a change model like Kotter’s 8-Step Change Model, a structured approach to transformation that helps organizations create urgency, build coalitions, and embed lasting change. Understanding these steps enables leaders to navigate resistance and foster buy-in at all levels. We will also look at psychological safety, a critical factor in high-performing teams. Using David Rock’s SCARF Model, we’ll explore how to create environments where developers, security, and operations teams can collaborate without fear. Psychological safety is the foundation for open discussions, continuous learning, and innovation in security practices. Finally, influence and communication play a crucial role in transformation. We’ll discuss key techniques such as mirroring and active listening, which enhance trust and alignment. Understanding the principles of negotiation and persuasion allows leaders and change agents to align stakeholders, overcome objections, and drive meaningful action. I will talk through my own experiences applying these models in the context of DevSecOps.

Whether you are a leader, engineer, or security professional, this talk will equip you with the tools to influence change, foster collaboration, and make an impact.


URL:

https://www.linkedin.com/in/sebastiancoles/

Spiciness Level:

2 - Need some foundational knowledge into Cyber Security

Organisation or Affiliation?:

Seccl

Seb is an experienced information and security professional who specialises in DevSecOps transformation. He considers himself an Engineer first, but quickly realised in the world of DevSecOps that the skills needed to make an impact at scale were found in psychology and business, and now regularly speaks on topics of Leadership and Organisation Change.

Seb has previously held roles such as Senior Consultant @ Veracode, Senior Manager @ ClearBank, Head of DevOps @ LRQA and is now IT Infrastructure and Security Manager @ Seccl, helping build a secure, world-class trading platform.