Keynotes
Dev Sec Ops
The Pipeline Isn't the Problem.
The Prioritization Is.
A talk for organizations that have already bought into DevSecOps — and are now stuck trying to implement it without the resources, roadmap, or clarity to know where to actually start.
Most DevSecOps failures
aren't tool problems.
They're process problems.
Every organization knows they need DevSecOps. The sales pitch is simple: embed security into the SDLC, shift left, make it everyone's responsibility. What the pitch leaves out is the hard part — you can't fix every vulnerability, you don't have unlimited resources, and your developers aren't going to become application security experts overnight.
This talk cuts past the theory and into the operational reality. Drawing on her experience building Wabbi and working directly with AppSec leaders across industries, Brittany walks through a maturity model-based approach to DevSecOps implementation — one that's grounded in risk, sequenced for real teams, and designed for organizations that need to make meaningful progress without boiling the ocean.
The honest truth about DevSecOps is that success isn't about doing everything. It's about making the right calls about what to do first — and building a program that compounds from there
"
We've spent years asking developers to care more about security and security teams to slow down less. The answer was never more expertise on both sides — it was better translation between them.
- Brittany Greenfield
the takeaway
A realistic framework to act on.
What it actually is- and what it isn't
A clear mental model for DevSecOps that separates the real methodology from the marketing — and grounds implementation in operational reality, not vendor promises.
shift left,
Shift Right:
start now
How to embed security into existing SDLC workflows without a full reorg — the first practical steps, sequenced for teams without unlimited resources or headcount.
speak the
same language
A shared framework for security, engineering, and executive stakeholders to align on priorities, communicate risk, and stop talking past each other.
You can't fix everything & that's the point
Why trying to remediate every vulnerability is the fastest path to burning out your team and stalling your program — and how risk-based prioritization changes the math entirely.
A maturity model that maps to reality
A staged framework for building a DevSecOps program that starts where your organization actually is — not where the whitepaper assumes you are.
Ownership as
strategy
A shared accountability model that defines who owns what across dev, security, and ops — so security stops being nobody's job and starts being something the whole organization can hold.
find your fit
Built for you
This talk is designed for leaders who are past the "should we do this?" conversation and into the "how do we actually make this work?" one. It scales from technical conference stages to executive and board-level audiences who need to understand the real levers — not just the acronyms.
contact
Bring this talk to you.
Available as a standalone keynote, a conference session, leadership meeting, or designed as a workshop for your team.