DevSecOps

Designing for DevSecOps

As a UX designer with a background in DesignOps, I’ve spent the past 5+ years supporting design systems and workflows that intersect with governance, scalability, and security — all key pillars of DevSecOps. While I haven’t directly engineered CI/CD pipelines, I’ve worked adjacent to teams responsible for automation, compliance, and infrastructure—and my work reflects that.

This page outlines how I bring a DevSecOps mindset to product design: embedding usability into secure, efficient, and scalable workflows.

UX for DevSecOps

In fast-moving CI/CD environments, users are not just “clicking buttons”; they're navigating:

  • Configuration files with real-world impact

  • Systems that must be both customizable and secure

  • Interfaces layered with permission structures and audit logs

A UX designer in this space must:

  • Understand technical user roles (developer, security lead, release manager)

  • Design for traceability, control, and resilience

  • Avoid introducing friction that could cause users to bypass security best practices

Enabling DevSecOps Culture

In my DesignOps role at Edward Jones, I:

  • Standardized design processes across a heavily regulated enterprise, which often intersected with compliance and audit requirements.

  • Collaborated with engineering and accessibility leads to ensure repeatable, auditable design tokens — a concept not far from secure code practices.

  • Advocated for automation in design QA, working toward Figma plugins and linters to reduce human error—paralleling CI/CD goals of consistency and speed.

Principles I Bring to DevSecOps UX

Least privilege design

  • Only surface sensitive actions (e.g., “delete pipeline,” “modify access token”) to users with proper role-based permissions

  • Use progressive disclosure to keep UIs clean while retaining powerful controls

Shift-left usability

  • Security and policy requirements must be built into the design from day one, not bolted on later

  • I aim to make secure workflows intuitive, so compliance is the path of least resistance

Designing for observability

  • Good UX supports monitoring and rollback: logs, breadcrumbs, and user feedback patterns all help users feel confident and in control

  • I design with the assumption that someone might need to troubleshoot quickly under pressure

Automated guardrails

  • Where possible, I prefer UI flows that guide users toward best practices, similar to linters or policy-as-code tools

  • Example: warning banners before destructive actions, or defaulting to safer options

Relevant UX Deliverables

In work that supported DevSecOps principles, I’ve contributed:

  • Workflow diagrams and task analyses for complex tools

  • Secure form patterns for internal tools handling sensitive client data

  • Design system governance to reduce design debt and mitigate risk at scale

  • Role-specific experiences, ensuring that different users see what’s relevant to them—and only that

Growing My Cybersecurity Expertise

To deepen my understanding of secure product development, I'm currently pursuing a BS in Cybersecurity from WGU. This program complements my UX experience by giving me:

  • Hands-on exposure to secure systems architecture

  • Certifications in areas like network security and risk management

  • A better grasp of how developers and security teams work under the hood

This education informs my design decisions (especially around access control, data handling, and system integrity) so I can better align user experience with real-world security practices.