---

@Steve-Wilme wrote:

Sounds like the interviewer never heard of SecDevOps.  A DevOps approach focusing on IaC and SaC, has a good potential to improve overall security posture and respond to vulnerabilities quickly.  So it's simply not a case of speed or security, but speed with security.

---

I thought it was DevSecOps??  🙂 

Then you have some DevOps wags who say security is already in it, so you don't need to talk about 'SecDevOps' or 'DevSecOps' as separate things...

I do have to wonder about the level of knowledge of some of the infosec 'leaders' I've met with on interviews.  I dealt with one CISO when interviewing for an infosec analyst role that would have deal heavily with third party risk management who, surprisingly to me, didn't seem to understand the different SOC reports (1,2,3, etc) nor had ever heard of Shared Assessments' SIG Report.  Sigh.  (oh, and they decided to reject me for 'better candidates'... yeah, right).