How Do You Integrate Security into the SDLC? (Researching Developer & DevOps Workflows)

Hey everyone!
I’m currently doing some research into how developers and DevOps teams handle application security across the software development lifecycle (SDLC) — from design to deployment.
The goal is to better understand what real-world teams are doing when it comes to:
Security Across These Phases:
Design phase (do you do threat modeling?)
Development/code review (do you run SAST? Get auto-fix suggestions?)
Testing phase (any dynamic/DAST tools, custom logic testing?)
Deployment phase (cloud config checks, misconfig detection?)
What I’d Love to Learn:
How do you currently integrate security into your SDLC?
Do security tools slow you down or help you move faster?
Do you actually use the auto-fix/code suggestions from tools?
What’s the most frustrating thing about your current AppSec setup?
Why I’m Asking:
I'm exploring smarter ways to automate and simplify security across the SDLC — especially for teams without full-time AppSec engineers.
But rather than guess, I want to hear how you work:
What’s working?
What’s missing?
What would make AppSec feel less like a chore?
Drop a comment below, or DM me if you're open to a short async chat.
Any feedback — even one sentence — helps.
Thanks for sharing your experience.