DevSecOps may be an overused buzzword today, but adoption of the methodology has led to stronger cross-functional collaboration, faster delivery times, and more secure software being released into the market. From day one, agility, fast iteration cycles, ship-to-learn, and DevOps practices have been core to how GitHub ships and operates its products. Like much of the industry, we’ve also been on a journey to build in security at every step. As a developer focused company, our approach to this keeps the developer at the forefront of our decisions, innovations, and product choices. The software development industry is also at an inflection point: it’s estimated that by 2027, 80 percent of all code will be written by AI assistants. As more and more companies adopt AI into their development processes, DevSecOps is more important than ever before. But evolving existing practices to accommodate AI has a seemingly counterintuitive starting point. Hint: it isn’t the security team. GitHub is the home to 100M+ developers and I have the privilege of leading the team that keeps the platform, product, users, and customers safe. But my DevSecOps journey started long before that as a technical leader at NSA. In this talk, you’ll learn a bit about my journey, how my approach to Security and DevOps has evolved through experience leading agency-wide technology initiatives at NSA to protecting the home of all developers at GitHub. You’ll hear about how DevSecOps and Security work at GitHub and how AI is impacting developers through capabilities like GitHub Copilot, how AI is evolving the Security space, and suggestions on how to move security into an AI-assisted future.