Breaking the Cycle: From Red Teaming to DevSecOps Leadership
Thu Jan 22 2026
In this episode, we explore the remarkable career transformation of Hiroshi Tanaka, a security veteran with 15 years of experience in offensive security, penetration testing, and red team operations.
Despite his extensive background in a Fortune 500 company, Hiroshi realised that his ability to "break things" was no longer sufficient as his organisation transitioned towards DevOps and cloud-native development.
He shares his candid journey of overcoming the fear of becoming "irrelevant" and the challenge of preventing vulnerabilities during development rather than just finding them in production. We dive deep into the solution that changed his career trajectory: the Certified DevSecOps Professional (CDP) programme.
Key Discussion Points:
• The 60-Day Pivot: How Hiroshi transitioned from offensive security to a secure SDLC mindset through 100+ hands-on labs covering CI/CD integration, SCA, SAST, and DAST.
• Infrastructure-as-Code (IaC): Mastering the security of automated pipelines using tools like Jenkins, GitLab CI, Ansible, and Terraform.
• Tangible Results: Within 30 days of his certification, Hiroshi automated security scanning that caught 23 high-severity vulnerabilities before they reached production—issues that previously would not have been caught for months.
• The Professional ROI: The business impact of reducing deployment delays from two weeks to two days and how this pivot led to a promotion to AppSec Lead with a 40% salary increase.
Hiroshi explains how gaining technical credibility allowed him to speak the "same language" as DevOps teams, shifting his role from a quarterly auditor to a key player embedded in sprint planning.
Looking Forward: We also touch upon emerging trends for 2026, including the necessity of securing AI supply chains and data pipelines through certifications like the Certified AI Security Professional (CAISP).
Whether you are looking to master Kubernetes security, API security, or Threat Modeling, this episode serves as a comprehensive guide for any security professional or developer looking to upgrade their career and join the top 1% of cybersecurity engineers.
https://www.linkedin.com/company/practical-devsecops/
https://www.youtube.com/@PracticalDevSecOps
https://twitter.com/pdevsecops
More
In this episode, we explore the remarkable career transformation of Hiroshi Tanaka, a security veteran with 15 years of experience in offensive security, penetration testing, and red team operations. Despite his extensive background in a Fortune 500 company, Hiroshi realised that his ability to "break things" was no longer sufficient as his organisation transitioned towards DevOps and cloud-native development. He shares his candid journey of overcoming the fear of becoming "irrelevant" and the challenge of preventing vulnerabilities during development rather than just finding them in production. We dive deep into the solution that changed his career trajectory: the Certified DevSecOps Professional (CDP) programme. Key Discussion Points: • The 60-Day Pivot: How Hiroshi transitioned from offensive security to a secure SDLC mindset through 100+ hands-on labs covering CI/CD integration, SCA, SAST, and DAST. • Infrastructure-as-Code (IaC): Mastering the security of automated pipelines using tools like Jenkins, GitLab CI, Ansible, and Terraform. • Tangible Results: Within 30 days of his certification, Hiroshi automated security scanning that caught 23 high-severity vulnerabilities before they reached production—issues that previously would not have been caught for months. • The Professional ROI: The business impact of reducing deployment delays from two weeks to two days and how this pivot led to a promotion to AppSec Lead with a 40% salary increase. Hiroshi explains how gaining technical credibility allowed him to speak the "same language" as DevOps teams, shifting his role from a quarterly auditor to a key player embedded in sprint planning. Looking Forward: We also touch upon emerging trends for 2026, including the necessity of securing AI supply chains and data pipelines through certifications like the Certified AI Security Professional (CAISP). Whether you are looking to master Kubernetes security, API security, or Threat Modeling, this episode serves as a comprehensive guide for any security professional or developer looking to upgrade their career and join the top 1% of cybersecurity engineers. https://www.linkedin.com/company/practical-devsecops/ https://www.youtube.com/@PracticalDevSecOps https://twitter.com/pdevsecops