
DevSecOps: Responsibility Without Authority
From The ITSM Practice: Elevating ITSM and IT Security Knowledge by Luigi Ferri
March 31, 2026 · 7 min · Season 3 · Episode 5
About this episode
This episode explores the challenges of accountability and authority in DevSecOps, focusing on governance gaps and the role of Security Champions.
DevSecOps promises shared security responsibility, but what happens when accountability shifts without decision authority? In this episode of The ITSM Practice Podcast, Luigi Ferri explores governance gaps, risk ownership, Security Champions, burnout, and structural ambiguity in DevSecOps. A sharp reflection for CISOs, AppSec leaders, and ITSM professionals navigating security governance and enterprise risk management. In this episode, we answer to: Who is explicitly allowed to accept risk in a DevSecOps operating model? What happens when developers receive security accountability without authority? Are Security Champions strengthening governance, or masking leadership gaps? Resources Mentioned in this Episode: Blackduck website, article "DevSecOps: The good, the bad, and the ugly", link https://www.blackduck.com/blog/devsecops-challenges-benefits.html Jit website, article "6 DevSecOps Best Practices that Enable Developers to Deliver Secure Code", link https://www.jit.io/resources/devsecops/a-practical-guide-to-devsecops-making-it-work-for-developers Decipher Bureau website, article "DevSecOps Professionals: Avoiding ‘The Great Burnout’", link…
People in this episode
Host: Luigi Ferri
Topics covered
- DevSecOps
- security governance
- risk management
- accountability
- Security Champions
- burnout
Keywords
- DevSecOps
- security responsibility
- risk ownership
- governance gaps
- Security Champions
- enterprise risk management
Mentioned in this episode
Organizations: Blackduck, Jit, Decipher Bureau, Security Journey
More episodes of The ITSM Practice: Elevating ITSM and IT Security Knowledge
- What DoDAF Can Teach Leaders About Architecture and Complexity · June 9, 2026 · 11 min
- Identity Is the New Perimeter · June 2, 2026 · 10 min
- FINMA and ITIL 4: Building Resilient Swiss Banks · May 26, 2026 · 10 min
- Broken Transmission: Why Fintech Strategy Fails · May 19, 2026 · 6 min
- FINOS vs ISO 42001: What to Choose · May 12, 2026 · 9 min
- Who Owns Cloud Security? · May 5, 2026 · 9 min
Explore listener stats, chart rankings, contacts and more on the The ITSM Practice: Elevating ITSM and IT Security Knowledge podcast page.