The responsibility and accountability for security is rapidly shifting toward DevOps engineers, as they have greater visibility into the broader architecture of processes and systems used to deploy applications. Effective DevSecOps makes application deployments, operations, and service monitoring easier and more secure. In particular, DevOps engineers will be responsible for securing the Infrastructure as Code in which they build. In this Refcard, we explore IaC security, how it works, why it’s important, and core practices for success.