When DevOps was just becoming popular, security teams weren’t deemed responsible for the verification of the development pipeline. Back then, and even now, the security code within the pipeline depended on the knowledge of the developers and best practices they relied on for their development process. Now, with the more recent introduction of DevSecOps, a new set of tools have been introduced to automate security and incident response. This provides more of an incentive for security to learn the language of DevOps and work together.
To embrace a DevSecOps culture, a company needs to look at cross-training their teams, for instance, teaching developers about security and educating security professionals on development processes and how to build new applications on demanding timelines.