The What

DevSecOps is inherent security within development and operations processes. As organizations continue to move faster, it’s important to shift security left by automating security processes and iterating improvements using agile methodologies.


A developer creates code within a version control management system.


A developer identifies security defects or bugs in code quality.


An environment is then created, using an infrastructure-as-code tool

The Why

Making security an equal consideration alongside development and operations is a must for any organization involved in application development and distribution. By ensuring that security is present during every stage of the software delivery lifecycle, you will have continuous integration where the cost of compliance is reduced and software is delivered and released faster.


The How

The benefits of DevSecOps are simple: Enhanced automation throughout the software delivery pipeline eliminates mistakes and reduces attacks and downtime. For teams looking to integrate security into their DevOps framework, the process can be completed seamlessly using the right DevSecOps tools and processes.

Move security from right (end) to left (beginning). This shift left allows DevSecOps teams to identify security risks and exposures
Does the Dev become a SecOps engineer? No but they are security enabled through tools, awareness, and partnership with security team.
A company culture with a strong a security foundation and leadership promotes change across the organization, driving security to the forefront vs. an afterthought.
Very important to a DevSecOps team is the ability to measure the operation and provide actionable insights and accountability during the whole project lifecycle.

The Diagram







The Who


The Software Engineering team at ImagineX Consulting has an extensive reach into all aspects of Devops, Cloud and Security. An integral meber of that team, Practice Director, Corey Masters, has spent over 8 years delivering business value and growth through technology solutions cross industry. He is passionate about creating well-architected, secure, and costeffective solutions that will deliver risk-averse value year after year. He is familiar with development and integration across Microsoft, open source, and other proprietary technologies. Corey strives to gain a deep knowledge of the business requirements and work with our customers to make value-driven decisions about technology. Working with ImagineX means working with seasoned, smart and likeable consultants like Corey. Our experts are excited to partner with your organization to understand the vision, and produce secure solutions that allow your business to thrive in an ever changing environment.

eGenuity is undertaking a technology modernization of its software products. The current release process is very slow (semi-annual) and fraught with risk of introducing bugs/vulnerabilities or causing outages during the manual deployment process. eGenuity desires to release software more quickly and confidently, partnering with ImagineX to achieve this through DevSecOps automation.

ImagineX Approach

ImagineX designed a three-part approach to elevate eGenuity’s DevSecOps program:

Automation – ImagineX improved the existing DevOps process by packaging applications via Docker to increase deployment automation and minimize outage risk.

Quality Assurance – ImagineX configured a process to execute automated regression testing (Katalon) within the DevOps pipeline to ensure that only tested code could be deployed to production.

Security – ImagineX configured the Rapid7 Insight tool to execute DAST scanning within the DevOps pipeline. The increases security awareness by giving developers real-time feedback about the security posture of their applications and prevents vulnerabilities from being deployed to production.

Project Success

Client CEO was extremely appreciative of our team effort: “Our team and our processes, particularly around devops, are lightyears ahead of where they were before we started the engagement, and that’s a testament to your team. ImagineX lived up to its “special ops” reputation, and now we’re moving into a mode of execution on what you helped us put in place.”

Axis Capital is currently engaged in a large-scale migration of its IT infrastructure to the Azure Cloud. The migration of SQL Server VMs presented a challenge from an automation standpoint. Axis engaged ImagineX to automate and secure this provisioning process.

ImagineX Approach

ImagineX partnered with Axis to understand their current processes and tooling related to SQL provisioning and IaaS security. Based on this understanding, ImagineX devised and implemented a 2-part approach.

Automation – ImagineX created a templatized, 3-part provisioning process to automate “Core, Custom, and Configurable” aspects of provisioning SQL Server on VM in the Azure Cloud.

Security – Representing all configuration as code, ImagineX “baked in” security configuration and tools into the provisioned SQL Servers. New servers were automatically enrolled into Axis’ existing monitoring frameworks.

Project Success

ImagineX transformed the SQL Server provisioning process from a week-long, high-touch process into an automated one that occurs in under an hour. The inherent security instills confidence in the provisioning process. Axis Capital is currently engaged in providing this provisioning capability directly to users via a ServiceNOW catalog.