Best 16 DevSecOps Consultants Ready to Help

DevSecOps – integrating security tightly into software development and operations – has become crucial to modern tech.
The field is driven by standout individuals whose innovations, leadership, and expertise shape how organizations build secure software. Below is an updated list of the top DevSecOps experts worldwide, selected for their open-source contributions, hands-on leadership in security startups, influential blogging and community presence, impactful roles at major tech companies, and even victories in elite cybersecurity competitions:
- James Berthoty
- Jean-Baptiste Aviat
- Anshuman Bhartiya
- Renaud Deraison
- Guy Podjarny
- Clint Gibler
- Zane Lackey
- Abhay Bhargav
- Chris Hughes
- Shannon Lietz
- Tanya Janca
- Liz Rice
- Simon Bennetts
- Daniel Miessler
- Tzachi Zornstain
- Dan Lorenc
Now, let’s delve deeper into their qualifications and achievements:
James Berthoty

A future of security free from CNAPP.
James is a renowned cloud security and DevSecOps expert, known for his engaging technical content and sense of humor.
He is the founder of Latio Tech, a resource hub for cloud security tool comparisons, and works as a Security Engineer III at PagerDuty. Berthoty often shares practical “shift-left” security tips – from automating Kubernetes vulnerability scanning with AI to fast-tracking secure GitLab setups. A sought-after conference speaker, he demystifies DevSecOps best practices for broad audiences. Berthoty’s dual role as an entrepreneur and hands-on engineer in a major tech company, combined with his influential tutorials, makes him one of the leading DevSecOps figures today.
- LinkedIn: James Berthoty
- X (Twitter): @JamesBerthoty
Jean-Baptiste Aviat
Jean-Baptiste “Jb” Aviat is a widely respected application security engineer and entrepreneur.
He currently serves as a Staff Engineer for Security Products at Datadog and was the Co-Founder/CTO of Sqreen, a pioneering SaaS platform that protects web applications without requiring code changes. Under his technical leadership, Sqreen (which was later acquired by Datadog) built innovative in-app security monitoring tools. Aviat frequently shares his expertise through talks and panels (including discussions on securing cloud AI models), making him a key voice in modern AppSec.
His blend of hands-on product development and thought leadership in DevSecOps earns him a spot among the best.
- LinkedIn: Jean-Baptiste Aviat
- X (Twitter): @JbAviat
Anshuman Bhartiya
Anshuman has built a stellar reputation by securing software at scale in tech giants.
He is currently a Staff Security Engineer and AppSec Tech Lead at Lyft, after serving as Principal Security Engineer at Atlassian and Senior DevSecOps Engineer at Intuit. Bhartiya blends deep technical skills with a passion for knowledge sharing: he delivers keynotes on topics like “Bug Bounty Hunting on Steroids” and appears on podcasts to discuss modern AppSec programs. His experience rolling out DevSecOps at large organizations – coupled with community contributions (as a guest on Tanya Janca’s show and others) – showcases why he’s considered among the best.
Bhartiya’s track record of embedding security into developer workflows across multiple companies is a model for DevSecOps success.
- LinkedIn: Anshuman Bhartiya
- X (Twitter): @anshuman_bh
- Website/Blog: anshumanbhartiya.com
Renaud Deraison
Renaud is an AppSec pioneer often hailed as the “father of the Nessus scanner.”
In 1998, at age 17, he authored Nessus – the world’s most widely used open-source vulnerability scanner. He co-founded Tenable in 2002 to commercialize and expand this work, guiding the company as CTO for two decades and leading it to a successful IPO in 2018. Under Deraison’s leadership, Tenable became a global leader in exposure management. He continues to contribute to the security community (holding patents in scanning technology and serving on the CVE editorial board).
Deraison’s combination of open-source innovation (Nessus transformed vulnerability assessment) and business leadership makes him one of the most accomplished DevSecOps-focused engineers in the world.
- LinkedIn: Renaud Deraison
Guy Podjarny
Guy is a serial entrepreneur and technologist who has significantly advanced developer-centric security.
He is the founder of Snyk, which under his leadership grew into one of the premier DevSecOps companies, offering developer-friendly tools to find and fix vulnerabilities in code, open-source libraries, and containers. Prior to Snyk, Podjarny was Chief Technology Officer at Akamai following the acquisition of his first startup, Blaze.io, where he had built web performance optimization tools. An active coder and O’Reilly author, he has long advocated for “dev-first” security solutions that empower engineers. In late 2024, Podjarny launched a new venture called Tessl (focused on AI-driven software development) which secured a remarkable $125M in Series A funding.
He is also a frequent conference speaker and podcaster (host of The Secure Developer), and an advisor to early-stage startups. Podjarny’s track record of creating impactful security tools and promoting a culture of shared responsibility for security makes him one of the top DevSecOps leaders globally.
- LinkedIn: Guy Podjarny
- X (Twitter): @guypod
Clint Gibler
Clint is a respected security researcher and influencer who specializes in translating cutting-edge research into practical guidance for developers.
He founded TL;DR Sec, a popular newsletter that distills AppSec and DevSecOps trends for over 25,000 subscribers. Gibler is an expert on software supply chain security and how new tech (like AI and large language models) can strengthen code security. He frequently gives keynotes on scaling application security programs, emphasizing empowering developers with security “guardrails” rather than roadblocks. Between newsletter publishing and conference talks, Gibler also leads by example as Head of Security Research at Semgrep, where he advances tooling for secure code analysis.
His influence via education, content creation, and tool development cements his status as a top DevSecOps consultant.
- LinkedIn: Clint Gibler
- X (Twitter): @clintgibler
Zane Lackey
Zane has been on the frontlines of DevSecOps since before the term existed. He was the Chief Security Officer and co-founder of Signal Sciences, a breakthrough security startup that reinvented web application protection for DevOps-era environments (and was acquired by Fastly for $775M in 2020).
Prior to that, Lackey led cybersecurity at Etsy, one of the first companies to implement DevOps at scale – at Etsy he pioneered new approaches in security to keep pace with rapid deployments. He also authored “Building a Modern Security Program” (O’Reilly), which became a handbook for security teams adapting to agile and cloud-native development. Today, Zane Lackey is a General Partner at Andreessen Horowitz (a16z), where he advises and invests in the next generation of security startups – spreading DevSecOps principles into new ventures. He remains on advisory boards (e.g., for the Cloud Security Alliance) and continues to speak at Black Hat and RSA about topics like zero-trust and scaling security.
With his unique mix of practitioner, founder, and now investor perspective, Lackey’s influence on DevSecOps practices is far-reaching.
- LinkedIn: Zane Lackey
- X (Twitter): @zanelackey
Abhay Bhargav
Abhay is a hands-on application security expert from India who has been instrumental in bringing DevSecOps practices to teams worldwide through training and tools.
He is the founder and Chief Research Officer of AppSecEngineer, an interactive online training platform, and of we45, an application security consulting company. Bhargav started his career “breaking” applications as a pentester, but later shifted focus to scaling AppSec via DevSecOps and cloud-native security. He has developed pioneering content, including the world’s first comprehensive hands-on DevSecOps training program, and is the architect of Orchestron, a vulnerability management and correlation platform. Notably, he created ThreatPlaybook, an open-source framework that brings threat modeling and security automation into Agile/DevSecOps workflows.
Bhargav is also a popular instructor and speaker at events like DEF CON, Black Hat, OWASP AppSec USA/EU – his sessions on topics like serverless security and automated threat modeling often sell out. Through his products, open-source contributions, and teaching, Abhay Bhargav has empowered countless developers to embrace DevSecOps, earning him a place among the top experts in this space.
- LinkedIn: Abhay Bhargav
- X (Twitter): @abhaybhargav
Chris Hughes
Chris is a prolific DevSecOps advocate bridging industry practice and public discourse. He is the co-founder and President of Aquia, a consultancy focused on cloud and DevSecOps for the public sector, and also hosts the Resilient Cyber podcast.
On his podcast and blog, Hughes convenes thought leaders to tackle topics like software supply chain risks in CI/CD, vulnerability management, and cloud security. He’s not just talk – Hughes is a Cyber Innovation Fellow in software supply chain security and serves as an advisor to multiple security startups. With a background as a U.S. Air Force veteran, he has a deep understanding of compliance-driven DevSecOps (e.g., in government cloud projects). Hughes’s blend of entrepreneurship, community education, and advisory roles makes him a go-to expert in the DevSecOps world.
- LinkedIn: Chris Hughes
- Podcast: resilientcyber.io
Shannon Lietz
To be effective in security, we must translate security into developer.
Shannon is widely recognized as the progenitor of the DevSecOps movement.
A decades-long security innovator, she coined the term “DevSecOps” around 2014, founded DevSecOps.org (and its Manifesto), and has been a driving force in spreading the philosophy of embedding security into DevOps from the start. Lietz led by example at Intuit, where as Director of DevSecOps she built out the company’s integrated security engineering, Red Team, and Cloud Security programs. In 2021, Adobe recruited her to become VP of Vulnerability Labs, heading their offensive security and secure-by-design initiatives. Throughout her career, Lietz has championed automation, metrics-driven security, and “security as code” long before they were industry buzzwords. She continues to share strategies for modernizing cybersecurity through conference talks and as an IANS Faculty member.
For her foundational contributions and ongoing leadership, Shannon Lietz stands out among the world’s top DevSecOps experts.
- LinkedIn: Shannon Lietz
Tanya Janca
Tanya (also known by her handle SheHacksPurple) is one of the most visible leaders in application security and DevSecOps advocacy.
She is the founder of We Hack Purple, an online academy and community dedicated to teaching AppSec, DevSecOps, and cloud security skills. An award-winning public speaker, Tanya has delivered hundreds of talks and trainings across six continents, often focusing on practical steps for developers to build secure software from the start. In 2023, her RSA Conference keynote on “DevSecOps Worst Practices” – highlighting common security mistakes in containerized environments – garnered wide acclaim. Janca is also an active open-source contributor (co-founder of OWASP DevSlop) and recently took on the role of Head of Education and Community at Semgrep, where she helps developers worldwide learn secure coding.
Her passion for teaching and community-building has made an immeasurable impact on the DevSecOps movement.
- LinkedIn: Tanya Janca
- X (Twitter): @shehackspurple
Liz Rice
Liz is an accomplished software engineer and evangelist whose work has greatly influenced container security and eBPF (extended Berkeley Packet Filter) technology.
She is the Chief Open Source Officer at Isovalent (now part of Cisco), the company behind the Cilium project, and was previously Vice President of Open Source Engineering at Aqua Security. Rice has a knack for making complex technical concepts accessible: she authored the O’Reilly books “Container Security” and “Learning eBPF,” which have become go-to resources for practitioners. From 2019 to 2022, she served as Chair of the CNCF’s Technical Oversight Committee, helping guide the direction of major cloud-native projects. She also co-chaired KubeCon/CloudNativeCon 2018 and remains on the CNCF Governing Board, evidencing her leadership in the open-source community.
Rice frequently speaks at global conferences, live-coding demos that illustrate container exploits and defenses. Her combination of technical chops, community service, and educational outreach has made Liz Rice one of the foremost experts at the intersection of DevOps and security.
- LinkedIn: Liz Rice
- Website: lizrice.com
Simon Bennetts
Simon is a legend in open-source security, best known as the creator and lead maintainer of the OWASP ZAP (Zed Attack Proxy) web security scanner.
He released ZAP in 2010 and has continuously improved it for over a decade, growing it into the world’s most popular web vulnerability scanning tool (used by countless developers and pentesters). Bennetts’s dedication to free, accessible security tooling led Checkmarx to hire him to work on ZAP full-time, and in 2024 he joined startup Jit as a Distinguished Engineer to further integrate ZAP into developer workflows. Often described as the “life force” behind ZAP, he has fostered a vibrant community contributing to the project. Beyond ZAP, Bennetts evangelizes DevSecOps concepts like automating security scans in CI/CD and provides guidance on API security testing.
By empowering developers globally to test their apps for vulnerabilities with open-source tools, Simon Bennetts has earned recognition as one of the top DevSecOps influencers.
- LinkedIn: Simon Bennetts
- X (Twitter): @psiinon
Daniel Miessler
Daniel is a veteran cybersecurity expert and influential blogger/podcaster who has helped shape how the industry thinks about DevSecOps.
With over 25 years of experience, Miessler has led security teams (he previously headed Information Security at Apple) and contributed to community projects like the OWASP IoT and Mobile Top 10. He is best known as the creator of Unsupervised Learning, a content platform with regular blogs, a podcast, and a newsletter that digests infosec and tech trends for a broad audience. From mapping out AI attack surfaces to preaching the mantra “Don’t fix things; build secure pipelines”, Miessler’s thought leadership pushes DevSecOps professionals to think strategically.
He’s also a frequent contributor to outlets like Forbes and Dark Reading, distilling complex security topics for executives and engineers alike. Miessler’s longstanding contributions as a communicator and practitioner place him among the top DevSecOps influencers.
- LinkedIn: Daniel Miessler
- X (Twitter): @DanielMiessler
Tzachi Zornstain
Tzachi is a leading expert in software supply chain security, with a particular passion for securing open-source ecosystems (and the Python language in particular).
He co-founded Dustico, a SaaS platform that detects malicious implants and backdoors in open-source libraries – work so impactful that Checkmarx acquired Dustico and made Zornstain the Head of Software Supply Chain Security. In recent research, Zornstain analyzed over 9,000 known malicious packages on npm and PyPI to uncover patterns in how attackers poison software supply chains. He frequently shares insights on emerging threats: for example, he wrote in Dark Reading about a GitLab Python malware incident, and on YouTube he has highlighted “lesser-known vulnerabilities on GitHub” that many developers overlook.
By combining deep research with real-world product development, Zornstain actively helps teams around the world rethink their approach to open-source component security – a critical part of DevSecOps in 2024.
- LinkedIn: Tzachi Zornstain
Dan Lorenc
Dan is a powerhouse of open-source innovation in cloud-native DevSecOps.
As a software engineer at Google, he noticed gaps in container security and went on to create several game-changing tools: Minikube (for local Kubernetes), Skaffold (CI/CD for Kubernetes), and Kaniko (container image builder) among others. To address software supply chain risks, Lorenc co-founded the Tekton project (CI/CD pipelines) and Sigstore (a free service for code signing and verification), and helped establish the industry-standard SLSA framework for supply chain integrity. In 2021, he left Google to co-found Chainguard, where he is CEO – Chainguard provides secure container bases and tooling to “secure the software supply chain by default”.
Lorenc also chairs committees in the open-source community (he’s been on the CNCF Governing Board, chaired the Continuous Delivery Foundation TOC, and advises the OpenSSF). Few individuals have contributed as broadly and deeply to DevSecOps tooling as Dan Lorenc, whose work is used by developers worldwide daily.
- LinkedIn: Dan Lorenc
Wrap Up
These legends represent exceptional talent, making them extremely challenging to headhunt. However, there are thousands of other highly skilled IT professionals available to hire with our help. Contact us, and we will be happy to discuss your hiring needs.
Note: We’ve dedicated significant time and effort to creating and verifying this curated list of top talent. If you intend to share or make use of it in any way, we kindly ask that you include a backlink to the original source – EchoGlobal.