/Securing the cloud, one bug at a time. DevSecOps engineering by James Elliott. 2026-06-01T14:32:00+01:00 James Elliott / © 2026 James Elliott /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-05-19T00:00:00+01:00 2026-05-19T00:00:00+01:00 /posts/If-Your-Security-Strategy-Relies-on-the-Business-You-Have-No-Strategy/ James Elliott

We have all sat in those quarterly planning meetings. The executive team unveils a beautiful, colour-coded, 12-month product roadmap. It is logical. It is ambitious. But we all know that by week four, a major client will ask for something totally different, or a new tech trend will drop, and that roadmap will change radically. If your DevSecOps strategy is entirely coupled to what the business...

2026-04-06T00:00:00+01:00 2026-04-06T00:00:00+01:00 /posts/the-dopamine-trap-how-ai-made-me-work-more-not-less/ James Elliott

The idea of AI was simple: AI was a bootstrap tool. It does the tedious 60% of the boilerplate - the setup, the basic scripting, repetitive tasks - leaving me to do the last 40% of the polish and review. The promise was that this would make me vastly more efficient and, in doing so, allow me to work less. I imagined being able to do all of my tasks, leaving me to think more strategically and...

2026-01-25T00:00:00+00:00 2026-01-25T00:00:00+00:00 /posts/its-not-you-its-me-separating-security-from-cloud/ James Elliott

A quick note before we dive in: The journey I’m describing here is a personal one, synthesising lessons, stories, and observations from my entire career. Think of this as a “greatest hits” of hard-won lessons, not a diary entry about any single company, past or present. It’s all about the evolution of the practice (and the practitioner!). I used to believe that there were 3 main pillars in ...

2025-12-19T00:00:00+00:00 2025-12-19T00:00:00+00:00 /posts/four-forces-of-devsecops/ James Elliott

“Jack of all trades, master of none” We’ve all heard the phrase. I’m sure some people use it as an insult, implying that you are too diluted, unfocused or lacking in deep expertise - but I see it as a powerful force for good. Just look at some of the roles that are being recruited for - they look for a whole range of skills, asking to be an expert in multiple fields, looking for unicorns - the...

2025-11-15T00:00:00+00:00 2025-11-15T00:00:00+00:00 /posts/i-was-wrong-about-devsecops/ James Elliott

A quick note before we dive in: The journey I’m describing here is a personal one, synthesising lessons, stories, and observations from my entire career. Think of this as a “greatest hits” of hard-won lessons, not a diary entry about any single company, past or present. It’s all about the evolution of the practice (and the practitioner!). The Unmoving Needle I was reviewing a detailed da...