I'm James Elliott — a developer turned DevSecOps engineering manager. I help teams build security that works like good driver-assist: brakes when you need them, lane-assist when you don't, never the handbrake. Short, sharp engagements only.
"No" is rarely the answer. The job is finding the route that ships the work and keeps you safe — even if it means a detour.
A 70% control your team actually runs beats a 100% control they route around. I optimise for what gets used in production on a Tuesday.
Good security should sit in the background and gently nudge — not jolt the wheel out of your hands. If a control feels like a handbrake, it's the wrong control.
I take fixed-scope engagements with a defined end. If I'm still here in twelve months, something's gone wrong — and that's not the deal.
I started my career as a developer, shipping product code before the term DevSecOps existed. Over time I gravitated toward the seams — where security, platform, and product collide — and ended up running engineering teams whose job is to keep those seams from tearing.
Good security feels like lane-assist, not a handbrake. It should keep you in the lane while you focus on the road ahead.
These days I lead a DevSecOps engineering function and consult on the side. The work I'm proudest of usually looks the same from the outside: a team that stopped firefighting, started shipping, and quietly raised its security posture without anyone calling it a "transformation".
If your strategy lives in a slide deck and your engineers are routing around it, we should talk.
The first 30 minutes are free. Tell me where you are, what's been tried, and what's on fire. If I'm the right fit we'll scope something concrete. If I'm not, you'll leave with a useful second opinion.