Generally speaking when the topic of devops comes up security isn’t something we mention. If we do it’s in hushed tones, eyes darting back and forth, the fear that someone might hear us overriding the certain truth that security can benefit as much from devops as any other operational paradigm but just as certain that even mentioning it in polite IT company might get us labeled as a mite crazy
Because when it comes to orchestrating security, we’re really talking about herding cats. And not the fat, lazy Garfield cats of the world, I’m talking about the almost feral, fiercely independent, runs-your-house-like-their-kingdom kind of cats.
Automating something that’s more art than science, for which exist so many different and highly independent systems and devices with as many different interfaces (and rarely an API) as there are types of beans (seriously, do you know how many different kinds of beans there really are??), is certainly on par with trying to herd that kind of cat.
In other words, it’s not something rational folk decide to do unless they’re into Sisyphean tasks.