DevSecOps in Action: How Samlink Builds Security into Every Stage of Development

Building Security into the DevOps DNA  

News |
Share

In today’s development environments, speed is everything. But when security is treated as an afterthought, speed can quickly turn into exposure. That’s why the integration of security into DevOps—often referred to as DevSecOps—has become one of the most important shifts in modern software development.

At Samlink, Chief Information Security Officer Christian Eichin is clear about what this transformation means in practice:

“Security is not a gate at the end of the process. It’s a layer built into every stage of development. The goal is to make it natural, almost invisible, but always present.”

From Process to Mindset

The idea behind DevSecOps is simple: development, operations, and security should no longer operate as separate silos. Instead, security principles must be embedded in the same continuous cycle of building, testing, and deploying that defines DevOps.

Christian emphasizes that this change isn’t just technological. It is cultural.

“DevSecOps is not a tool, it’s a mindset. It’s about shifting from security as a blocker to security as an enabler. Everyone shares the responsibility, from developers to management.”

This means automating security checks, integrating vulnerability scanning directly into CI/CD pipelines, and using code analysis tools that provide real-time feedback, but it also means trust, transparency, and communication between teams.

One of the biggest challenges in DevSecOps is balance. Automation is essential for speed, but it can’t replace human judgement.

“We can automate vulnerability scans, dependency checks, and configuration testing,” Christian explains. “But automation without context can create noise. You still need people to interpret the results and understand the risks.”

At Samlink, this balance is achieved through close collaboration between security specialists and development teams. The aim is not to slow down the process, but to ensure that every step is secure by design.

“When developers get immediate feedback about potential risks in their code, it prevents issues early, long before they reach production. That’s the real power of integration.”

Resilience by Design

Samlink’s approach to DevSecOps is deeply aligned with Kyndryl’s cyber resilience philosophy, which is about building security into the structure of systems, rather than layering it on top afterwards.

Christian notes that resilience is not a single solution, but an ongoing process.

“We integrate continuous control monitoring and threat modeling into development so that resilience grows together with the product.”

For Kyndryl, this philosophy is known as co-created resilience, a model, where customers, partners, and experts work together to design defenses that fit each organization’s needs.

“We share this approach,” Christian adds. “When security is built into DevOps, it becomes part of the business itself, not just an IT concern. It’s how you keep innovation safe.”

As software delivery accelerates, the pressure to maintain both agility and security will only grow. Artificial intelligence, automation, and increasingly complex ecosystems are changing the rules of engagement.

Christian believes that organizations ready to adapt now will define the next phase of digital resilience.

“DevSecOps is about trust: between people, between teams, and between systems. If security is in your DNA, it doesn’t slow you down. It makes you stronger.”