beyond the buzzword: building a practical DevSecOps culture in your organization

Get your cards out—let’s play buzzword bingo!

This session aims to demystify DevSecOps and provide a clear, step-by-step guide for integrating security seamlessly into the DevOps lifecycle. But this is more than just theory—we’ll explore real-world strategies, tools, and cultural shifts needed to create a robust DevSecOps environment, specifically tailored to teams working with Drupal and related web technologies.

With the rapid rise of AI in software development and deployment processes, integrating security is no longer optional—it's essential. In addition to compliance standards like NIS2 and ISO 27001, new regulations such as the EU AI Act introduce significant requirements for managing AI systems' security and accountability. This session will help you understand how AI-powered tools can enhance DevSecOps practices while remaining compliant with these evolving standards.

We’ll cover how to integrate security in CI/CD pipelines, pragmatically handle pipeline reports, and adopt proactive security practices—all while cultivating a DevSecOps culture. Special attention will be given to how AI-driven automation and vulnerability detection tools can improve security without sacrificing speed or agility in development.