DevSecOps: Responsibility Without Authority episode artwork

EPISODE · Mar 31, 2026 · 6 MIN

DevSecOps: Responsibility Without Authority

from The ITSM Practice: Elevating ITSM and IT Security Knowledge · host Luigi Ferri

DevSecOps promises shared security responsibility, but what happens when accountability shifts without decision authority? In this episode of The ITSM Practice Podcast, Luigi Ferri explores governance gaps, risk ownership, Security Champions, burnout, and structural ambiguity in DevSecOps. A sharp reflection for CISOs, AppSec leaders, and ITSM professionals navigating security governance and enterprise risk management.In this episode, we answer to:Who is explicitly allowed to accept risk in a DevSecOps operating model?What happens when developers receive security accountability without authority?Are Security Champions strengthening governance, or masking leadership gaps?Resources Mentioned in this Episode: Blackduck website, article "DevSecOps: The good, the bad, and the ugly", link https://www.blackduck.com/blog/devsecops-challenges-benefits.htmlJit website, article "6 DevSecOps Best Practices that Enable Developers to Deliver Secure Code", link https://www.jit.io/resources/devsecops/a-practical-guide-to-devsecops-making-it-work-for-developersDecipher Bureau website, article "DevSecOps Professionals: Avoiding ‘The Great Burnout’", link https://www.decipherbureau.com/news/articles/devsecops-professionals-avoiding-the-great-burnout/ Security Journey website, article "From Disruption to Integration: Rethinking Just-in-Time Security Training", link https://www.securityjourney.com/post/from-disruption-to-integration-rethinking-just-in-time-security-training Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

DevSecOps promises shared security responsibility, but what happens when accountability shifts without decision authority? In this episode of The ITSM Practice Podcast, Luigi Ferri explores governance gaps, risk ownership, Security Champions, burnout, and structural ambiguity in DevSecOps. A sharp reflection for CISOs, AppSec leaders, and ITSM professionals navigating security governance and enterprise risk management.In this episode, we answer to:Who is explicitly allowed to accept risk in a DevSecOps operating model?What happens when developers receive security accountability without authority?Are Security Champions strengthening governance, or masking leadership gaps?Resources Mentioned in this Episode: Blackduck website, article "DevSecOps: The good, the bad, and the ugly", link https://www.blackduck.com/blog/devsecops-challenges-benefits.htmlJit website, article "6 DevSecOps Best Practices that Enable Developers to Deliver Secure Code", link https://www.jit.io/resources/devsecops/a-practical-guide-to-devsecops-making-it-work-for-developersDecipher Bureau website, article "DevSecOps Professionals: Avoiding ‘The Great Burnout’", link https://www.decipherbureau.com/news/articles/devsecops-professionals-avoiding-the-great-burnout/ Security Journey website, article "From Disruption to Integration: Rethinking Just-in-Time Security Training", link https://www.securityjourney.com/post/from-disruption-to-integration-rethinking-just-in-time-security-training Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

NOW PLAYING

DevSecOps: Responsibility Without Authority

0:00 6:45

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of The ITSM Practice: Elevating ITSM and IT Security Knowledge?

This episode is 6 minutes long.

When was this The ITSM Practice: Elevating ITSM and IT Security Knowledge episode published?

This episode was published on March 31, 2026.

What is this episode about?

DevSecOps promises shared security responsibility, but what happens when accountability shifts without decision authority? In this episode of The ITSM Practice Podcast, Luigi Ferri explores governance gaps, risk ownership, Security Champions,...

Can I download this The ITSM Practice: Elevating ITSM and IT Security Knowledge episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!