Most development teams today are already using AI in some form, whether in writing code, running tests, or managing infrastructure. According to Stack Overflow’s 2025 Developer Survey, 84% of developers are already using or planning to use AI tools in their workflow, with many incorporating them into daily development tasks.
What’s less consistent is how these tools are used across teams, and how they fit into existing development and security practices. This gap between usage and alignment is becoming more visible as systems grow more complex and expectations around quality and security continue to increase.
Indivara’s recent Software Development Life Cycle (SDLC), DevSecOps, and Security Training and Knowledge Sharing Session was designed to address that gap, focusing on how teams can apply what they already know more consistently across the development lifecycle.
Organized by the People and Organization Development (POD) team, the multi-day session brought together technical teams across development, QA, and DevOps at Indivara. The sessions were led by John Sanchez, CTO, and Lyle Magno, CISO from Telly Systems, Inc., an Indivara Group subsidiary.
From the outset, the focus was not on introducing entirely new concepts, but on strengthening how existing practices are carried out in day-to-day work.
A key theme throughout the sessions was the shift from awareness to application.
As highlighted by John Sanchez, AI is rapidly changing how software teams operate, from writing code to managing infrastructure and running tests. Organizations that adopt AI across the entire development lifecycle stand to gain a meaningful advantage in speed, quality, and efficiency.
The discussion, however, went beyond adoption.
Participants explored how AI can be applied in practical ways across roles, including supporting infrastructure as code in DevOps, assisting development through tools, and improving QA processes through test case generation, reconciliation, and automation.
At the same time, emphasis was placed on how AI is used. Providing context to AI through structured files was highlighted as a simple but important practice that improves the relevance and consistency of outputs.
The takeaway was clear. AI is not something to prepare for, but something teams can use now, provided it is applied with the right structure.
Security was addressed within this same context, reflecting both evolving risks and increasing expectations.
The program was designed across multiple layers of the organization, from general awareness sessions for all employees, to secure coding practices for developers, governance discussions for leadership, and DevSecOps implementation for technical leads and architects. This structure ensured that each group understood not only the concepts, but also their specific role in strengthening security.
Across these sessions, Lyle Magno emphasized a consistent message. Security is not a separate phase at the end of development, but part of how systems are built from the start.
For technical teams, this means adopting a shift-left approach, identifying and addressing vulnerabilities earlier in the lifecycle, where they are significantly easier and less costly to fix. For delivery and architecture leads, it includes embedding security tooling into CI/CD (Continuous Integration/Continuous Delivery) pipelines, defining clear vulnerability management practices, and building toward a more mature DevSecOps model.
At the leadership level, the discussion focused on governance frameworks such as ISO 27001 and ISMS (Information Security Management System), as well as the importance of aligning security investments with business risk and regulatory expectations.
This perspective is particularly relevant given the nature of the solutions being developed.
As an organization building applications for financial services, Indivara operates in an environment where systems handle sensitive data, support monetary transactions, and are subject to strict regulatory and compliance standards.
In this context, security is no longer viewed as an additional layer or best practice. It is increasingly treated as a baseline expectation, both in regulatory assessments and in client engagements. A single incident can have direct implications not only for the organization, but also for the institutions and end users who rely on these systems.
Across both the development and security discussions, another point became clear. Responsibility is shared.
While each role engages at a different level, from recognizing security threats, to writing code, managing infrastructure, or setting strategic direction, each contributes to the overall reliability and security of the system.
The sessions were designed to reflect this, ensuring that participants left not only with relevant knowledge, but with a clear understanding of how it applies to their day-to-day work.