The Secure Software Development Framework (SSDF, NIST SP 800-218) is quickly becoming a cornerstone for organizations aiming to build and deliver software with security at its core. Yet for many DevOps teams, SSDF requirements can feel like a brake on the very speed and agility that define modern software delivery. This session examines the intersection of DevOps and SSDF, asking whether the two are natural allies in building secure, resilient software or whether they stand in tension. We’ll dissect where SSDF’s prescriptive practices align with DevOps automation, continuous delivery, and “shift-left” security principles, and where friction emerges, from documentation and evidence-collection overhead to post-deployment compliance obligations. We’ll discuss how teams can integrate SSDF tasks into their CI/CD pipelines and introduce the CI/CD Cybersecurity Guide, designed to help teams navigate the SSDF. Attendees will leave with a clear playbook for making DevOps and SSDF work together as partners in security rather than as opposing forces.
