Team Wabbi
February 12, 2025
This article originally appeared on Forbes on February 11, 2025
Expert Panel®, Forbes Councils Member
Forbes Technology Council

Taking a more proactive and culture-based approach to security, DevSecOps stresses integrating and maintaining a focus on security in operations and throughout the software development life cycle. The benefits? Security and resilience become a shared responsibility rather than an afterthought. It’s easier to maintain compliance with changing and growing regulations. And time to market for new releases and updates is often faster.
However, these benefits can only be realized if DevSecOps is well understood, implemented wisely and embraced across teams. Below, members of Forbes Technology Council share some of the common hurdles that emerge when adopting DevSecOps. Their expert tips can help teams prepare to smoothly and successfully embrace DevSecOps and reap its multiple rewards.
1. Take Time Up Front For Education
Often, teams don’t give themselves time to learn DevSecOps and are instead pushed into firefighting mode from day one. Lacking knowledge, they’re slower to adopt changing technologies in DevSecOps because they’re too busy plugging holes or playing catch-up. Investing in learning at the start can save your developers time and better secure your business. – Shangyan Li, GrubMarket Inc.
2. Promote Collaboration, Training And Embedded Tools
A key hurdle in adopting DevSecOps is cultural resistance to integrating security into development workflows. Teams often view security as a bottleneck rather than an enabler. Overcoming this resistance requires promoting collaboration, providing security training and embedding tools for automated security checks into CI/CD pipelines to streamline processes. – Jayapal Reddy Vummadi, ZF North America
3. Emphasize The Long-Term Benefits
A tech team’s resistance to change due to members’ reliance on old-school practices is a significant hurdle in adopting DevSecOps. Team members may be hesitant to alter familiar workflows, fearing increased complexity or reduced efficiency. This can be addressed by emphasizing the long-term benefits of DevSecOps, such as enhanced security and faster delivery, and by providing hands-on training to ease the transition. – Akash Kilaru, City National Bank
4. Frame It As A Transformational Journey, Not Just A Technological One
The biggest obstacle to successful DevSecOps adoption is when it is treated as a toolset rather than a mindset. Success comes when teams recognize that this is a transformational journey, not just a technological one. First, align the people and the processes that will embed security as a shared responsibility in the software development life cycle; then you can support them with products and platforms. – Brittany Greenfield, Wabbi
5. Start With Small, Achievable Wins And Build Necessary Skills
A common hurdle in adopting DevSecOps is the cultural shift needed to integrate security across development stages. Developers, product teams and program managers may feel security is outside their scope. Clearly communicate the benefits of secure development. Start with small, achievable wins, and provide training, workshops and mentorship to equip teams with the necessary skills. – Priyadarshni Natarajan, Walmart
6. Promote A Mindset Of Security Being Part Of The Process
A key hurdle in adopting DevSecOps is the misconception that security is separate from development and operations. Overcoming this requires embedding security throughout the development cycle. By shifting the team’s mindset to view security as part of the process and using automation to streamline tasks, you can integrate security without slowing delivery. – Prajwalkumar Bhatkar, Capital One Bank
7. Stress The Shared Responsibility
A key hurdle in adopting DevSecOps is resistance to cultural and process changes. Overcoming this requires fostering a collaborative mindset, automating security processes and integrating security early in the development life cycle, making it a shared responsibility across teams. – Upendra Kumar, Capital Group
8. Ensure Reference Models Are Available
We always hear that DevSecOps is a mindset and culture; this is true. The biggest hurdle is shifting the tech team from having a task-oriented mindset to having a problem-solving mindset. Overcoming this requires reference models to build, secure and run products with guardrails, and they must be decoupled from specific individuals. – Karen Kim, Human Managed
9. Leverage Training And Automation To Speed Delivery
One common hurdle in adopting DevSecOps is the cultural resistance to integrating security into development workflows, often due to the perception that it slows down delivery. This can be overcome by fostering a collaborative culture where security is seen as a shared responsibility, providing training to bridge knowledge gaps, and automating security checks within CI/CD pipelines. – Alex Circei, Waydev
10. Hone Devs’ Security Understanding
One major challenge many tech teams face when adopting DevSecOps practices is a general lack of security expertise. Security is not usually within a developer’s core skill set. Without proper training, a typical developer might not realize how quickly threats evolve or how an attacker might leverage a small coding mistake to access sensitive data. – Matthew Cloutier, Sticky Strategy
11. Ensure Top-Down Understanding And Commitment
A development team’s reluctance to adopt DevSecOps often stems from mission directives at the C-suite level. If development teams feel as though mission pressure, timelines, resource constraints and production will remain constant—even with the introduction of security operations that could slow things down—it causes hesitation. – Ty Ward, Credence Solutions Group, LLC.
12. Embrace Security By Design Principles
The main hurdle is a lack of goal alignment, with security still being perceived as slowing down development and productivity. We must shift left, be proactive and embrace security by design principles. Today, end-to-end quality assurance tests are the norm, even though they slow down development. Why shouldn’t security be the same? – Jeremy Albinet, Brainboard, Inc.
13. Share ‘What’s In It For Them’
Asking teams to learn and adopt new languages, technologies, processes and ways of working is the largest hurdle to DevSecOps adoption. People do not know what they like as much as they like what they know. Outlining the benefits—automating repetitive tasks, long-term career growth, salary increases and advancement—can be the best way to get teams onboard. – Sean Barker, cloudEQ
14. Embed Dev-Friendly Tools In Workflows
The biggest hurdle to DevSecOps adoption is the lack of security context for developers. Teams resist when security feels like a roadblock. Overcome this by embedding developer-friendly tools that surface actionable security insights within existing workflows, fostering collaboration, and shifting the narrative from “compliance burden” to “shared innovation.” – Jeremy Dodson, NextLink Labs
15. Maintain Speed Through Training And Automation
A major hurdle to adopting DevSecOps is the cultural resistance to integrating security into fast-paced development workflows, which is often perceived as slowing delivery. Overcome this by fostering a shared responsibility for security, offering hands-on training to close skill gaps and automating security checks within CI/CD pipelines to ensure seamless integration without compromising speed. – Dan Sorensen, Air National Guard
16. Promote End-To-End Ownership
One significant hurdle to the successful adoption of DevSecOps is siloed thinking and a lack of end-to-end ownership. In many teams, development, security, operations and DevSecOps are treated as separate entities with distinct responsibilities, which can create gaps in collaboration and accountability. – Agur Jõgi, Pipedrive
17. Invest In Cross-Functional ‘Enabling Teams’
Major hurdles to DevSecOps adoption are a lack of executive buy-in and insufficient resources. Leaders must invest in dedicated cross-functional “enabling teams” instead of siloed centers of excellence. This ensures collaboration and knowledge-sharing and drives true DevSecOps success. – Patrick Emmons, DragonSpears, Inc.
18. Tap Into The Strengths Of Both Younger And Senior Staff
Take a focused approach to creating the DevSecOps team by including a few strong T-shaped DevOps staff and at least two V-shaped security SMEs. Security is a rapidly changing space, and you need to pair young, energetic team members who constantly keep up with industry changes in security with more senior staff members who can serve as guardians of security across your organization. DevOps teams should be headed by a RevOps lead. – Raja Epsilon, WrkSpot
19. Reframe Security As An Enabler Rather Than A Bottleneck
One hurdle to successful DevSecOps adoption is resistance to cultural change, as teams often see security as a bottleneck rather than an enabler. Overcoming this requires fostering a collaborative mindset through training, clearly communicating security’s value, and embedding security practices seamlessly into development workflows to align with speed and efficiency goals. – Aravind Nuthalapati, Microsoft
20. Implement DevSecOps In Small Doses
DevSecOps is often considered a barrier to getting a project done and functional. It is best implemented in small doses, a sprint at a time, until it becomes a normal part of the team’s operations. – David Van Ronk, Bridgehead IT