As digital transformation continues its exponential acceleration, cybersecurity teams are no longer standing guard at the perimeter — they’re sitting inside the strategy room.
That shift was on full display at a recent Sumo Logic customer panel, where technology experts Patrick Kobly of Rushmore Technology, Philipp Ranft of Kaleris and Roland Palmer of Sumo Logic discussed how AI and DevSecOps are dissolving the traditional boundaries between development, operations and security.
They said that the days of “throwing software over the fence” are gone, replaced by shared accountability and a more nuanced understanding of risk.
“You can’t do software delivery that way anymore,” said Kobly, CISO at Rushmore Technology, which provides security services for online gaming and payments firms. “That old model of development handing something off to operations introduced conflicts of interest. Now we’re all sitting at the table.”
From silos to shared accountability
For years, DevOps and security worked in parallel — often uneasily. Today, automation and AI-assisted monitoring are forcing a culture change: cybersecurity is no longer an afterthought. It’s built into the first line of code.
Kobly’s own path reflects that evolution. “I came into security from a different perspective than most practitioners,” he explained. Trained in development architecture, he approaches security less as gatekeeping and more as design discipline.
“That development lens really applies in a CISO role. It means understanding how design decisions flow downstream into operational risk.”
Kobly has watched security evolve from an isolated function into something woven through every stage of digital operations.
He described a “synergistic back and forth” between teams, where distinguishing between a distributed denial-of-service attack and a performance bottleneck requires both technical fluency and collaboration.
“Ops teams need strong security knowledge because sometimes what looks like a performance issue is actually an attack,” he said.
Cybersecurity at sea
In maritime logistics — one of the world’s oldest and most complex industries — Philipp Ranft has watched modernization collide with decades-old processes.
“The maritime industry was always slow,” said Ranft, vice president of DevOps engineering at Kaleris. “Ships run for 30 years, and security on those ships was… interesting. But in the last five to ten years, governments have started to classify terminal and line operations as critical infrastructure. That’s really moved things forward.”
Customer expectations and regulatory demands have pushed operators to adopt tighter controls, forcing closer cooperation between engineering and security teams.
“Our customers now ask for certifications, vulnerability management and compliance,” Ranft said. “Engineering teams want to develop features fast, but we need to make sure security is baked in.”
At Kaleris, that has meant embedding security directly into DevOps — a cultural as well as technical transformation, especially following a string of mergers and acquisitions.
Ranft’s role involves aligning newly acquired teams with a DevSecOps model that eliminates the traditional separation between software creation and operation.
“The days of developing something and throwing it over the fence to IT are over,” he said. “We still see that in some of the companies we acquire, but that approach doesn’t work anymore. We’re establishing a DevSecOps mindset where everyone shares responsibility.”
That alignment, Ranft added, only sticks when executives reinforce it.
“The issue isn’t usually between engineering and security,” he said. “It’s convincing business leaders to give teams the time to do things properly. They want new features for customers, but you have to push back and say: we also need to invest in security.”
Security as an enabler, not a brake
For Kobly, that leadership message is essential to reframing security’s role.
“The perception is always that the CISO is the person who says no,” he said. “But we’re about enabling — finding out how something can be done safely, not stopping it. Most developers and product managers want to protect their customers; they just don’t always know how.”
That mindset is important in high-stakes environments like online gaming, where regulatory compliance intersects with financial integrity.
“Regulation is the lowest bar,” Kobly said. “Getting a sign-off from the gaming authority or PCI assessor isn’t the goal. The goal is to make sure we’re not leaking credit card details and that the gaming site operates with integrity.”
His broader point: security succeeds when it bridges gaps — between business units, between compliance and creativity, between caution and innovation.
“Our company is structured into verticals — gaming, payments and others — and those teams don’t always talk. But the biggest risks are often shared ones that cross those boundaries. We have to make sure they’re identified and managed together.”
Finding balance in a regulated world
For Roland Palmer, head of security at analytics platform Sumo Logic, regulation can be both a constraint and a catalyst.
“Fortunately for us, we’re regulated across every compliance framework you can imagine,” he said. “It allows security to have a voice in the room with operations.”
Yet Palmer emphasizes partnership over policing. “It’s about giving ops teams enough room to move fast,” he added. “We want to give them everything they need, then get out of the way.”
Palmer, who came to cybersecurity from a military background, sees value in the informal networks that have grown among DevOps and security peers.
“This is my favorite part of the job — talking to other security and DevOps people, sharing pain and stories,” he said. “It’s where you realize everyone is dealing with the same challenges.”
For Palmer, the ultimate goal is simplicity. “Security’s job is to help everyone move fast — safely.”
