DevSecOps success isn’t just about picking the right tools—it’s about driving change across people, process, and technology. In this talk, we’ll go beyond the buzzwords to explore what it truly takes to embed security into modern software delivery.

We’ll start by demystifying the DevSecOps tooling landscape—covering the full acronym bingo (SAST, DAST, SCA, CSPM, etc.), highlighting major vendors, and sharing a practical framework for choosing the right tools for your environment. But that’s just the beginning.

We’ll explore SDLC maturity models and how to create a DevSecOps roadmap that aligns with your organization's goals. You’ll also learn how to approach organizational change with principles borrowed from change management—because tooling alone won’t get you there.

Finally, we’ll focus on the human side: the social skills you need to overcome resistance, influence stakeholders, and craft internal communications that get attention and drive adoption.

Whether you're just getting started or trying to take your DevSecOps efforts to the next level, this session equips you with the full advocate toolkit—technical insight, strategic perspective, and the soft skills to make it all stick.

Seb Coles is a seasoned security leader and engineer with a passion for making DevSecOps work in the real world—not just in theory. He’s held senior security roles at Clarks, ClearBank, LRQA, and Seccl, and worked as a senior consultant at Veracode, helping organizations of all sizes embed security into their software delivery.

At ClearBank, Seb built and led the security team that earned a Highly Commended recognition at the 2023 Computing Awards for Best DevSecOps Implementation. His approach goes beyond tools—focusing on strategy, organizational change, and the often-overlooked human side of DevSecOps.

Originally a software engineer, Seb has learned the hard way how crucial influence, communication, and cultural alignment are to making security stick. He’s stepped on plenty of rakes so others don’t have to—and now shares those lessons through talks, consulting, and national conference appearances.

Seb brings a candid, practical perspective to DevSecOps, grounded in hands-on experience and a deep understanding of both the tech and the people behind it.