This document discusses how DevOps and security can work together. It begins by noting that DevOps often scares security professionals and security is not always helpful to developers. However, both are needed for companies to quickly get applications to market while limiting new vulnerabilities. The document recommends opening communications between DevOps and security, automating processes when possible, and educating and empathizing with one another. It provides examples of how to start integrating security into DevOps pipelines through threat modeling, scans, tests and audits. The document argues DevOps helps security by shifting it left into the software development lifecycle and enabling automation, versioning, monitoring and quick fixes.