The Most Important Measurement in DevSecOps: Culture

July 3, 2023 | By Oteemo

devops culture

Understanding DevSecOps KPIs – Part 3: Measuring Culture

In this three-part series, we’re looking at the Key Performance Indicators that should be used when measuring the success of a DevSecOps project. In part 2, we looked at key security metrics that you should be measuring.

In this blog post, we’ll explore what might be the most important measure of progress: culture.

Measuring Culture

Possibly the most important measure of progress that we at Oteemo are able to make is a measure of culture. Again, DevSecOps is something that you do, not something you can buy. It is at its root, a massive cultural change. 

The big question becomes how can one measure something as abstract as culture. Our answer, though it may not be perfect for every organization, is something that works well if used with discipline and good intent. 

Culture is a vital measurement to determine your team’s buy-in, trajectory, and more. By properly measuring culture, you’ll find gaps between leadership and execution, and discover ways to deepen your organization’s buy-in.

We built an assessment tool based on 10 basic questions that measure a team’s understanding of DevSecOps goals, whether they have the right tools and support, and how teams feel about collaboration that exists within the organization. 

The weighted average of the team’s responses is taken and plotted as a graph that shows the collective sentiment of the team for every question. Leaders and managers can then take appropriate steps to mitigate issues and improve. 

The Most Important Measurement in DevSecOps: Culture - Oteemo

Culture is a KPI

It’s vital to understand the importance of culture as a KPI. Organizations are made of people, and people will determine the success or failure of an organization.

By making culture a KPI you’re ranking people as a key part of your organization, understanding the importance of quality team members, managers, and leaders, and how they all work together to make safe and secure products. 

Combined with DevSecOps KPIs, a culture measurement gives you a comprehensive and actionable view of your people and product. With this information, you’ll be able to map a path and trajectory toward organizational success.

The DevSecOps Journey Ahead

Without a destination, there can be no journey. Make sure you clearly establish with your teams what you hope to achieve with DevSecOps. You can then track your success by defining the right metrics and how you intend to see those metrics change over time. 

Most importantly, closely monitor progress towards that goal along the way and always adjust course to stay on track! Subsequent measurements are just as important as the initial measurement.

Questions about your DevSecOps? Looking for guidance as you prepare your next project? Reach out to us at [email protected]

Learn more: Revisit Parts 1 & 2

The Most Important Measurement in DevSecOps: Culture is part 3 in a three-part series. To gain an understanding of the Measure What Matters series, learn about traditional DevOps metrics, and how to add security metrics, and revisit parts 1 & 2.

Part 1: Traditional DevOps Metrics

Part 2: Security Metrics


Submit a Comment


Who We Are & What We Do

As passionate technologists, we love to push the envelope. We act as strategists, practitioners and coaches to enable enterprises to adopt modern technology and accelerate innovation.

We help customers win by meeting their business objectives efficiently and effectively.

icon         icon        icon

Newsletter Signup:

Join tens of thousands of your peers and sign-up for our best technology content curated by our experts. We never share or sell your email address!