Assess how is the collaboration between developers and the operations team to implement security.
Culture of Security
Check whether your teams are empowered to create and deliver secured code with the proper knowledge and tools. Have all teams received security education, guidelines, and policies.
Understand if your processes are efficient enough for visibility across systems. Is there any lack of planning and consideration?
Status of Automation
Assess the level of automation of security operations within your DevOps pipeline.