Signal Sciences published The devops roadmap for security in 2016. I just read it and found it quite easy and interesting. Obviously, it's about integrating security in a devops organization.
Most things they touch on can also be found elsewhere, but:
- page 14 makes clear why a good engineering culture is important in general and in particular for security (hint: because there aren't enough security engineers and you need others to do some of the work)
- pages 15-16 are a must-read; they outline Lean Security and what we must do right to not be rejected by the delivery organization