CI/CD is usually the first step towards implementing DevSecOps within an organization. Organizations setup agile delivery teams, implement CI/CD and then automate functional testing, code scan and create deployment on demand. This is particularly effective in organizations adapt at implementing new technologies when they are starting new product development. However, for every new implementation there are a number of legacy applications that challenge organizations’ ability to implement the very basics of CI/CD. Organizations with legacy applications often have concerns how automation fits into their environment, what skills they need, how it will fit into their program, and then what remediation is required when quality issues are found. Successful implementation of CI/CD is not just about technology. It is also critical to understanding the change management aspects, the organizations’ culture before designing a program. This process helps assure the organization can develop their DevSecOps one step at a time for optimal results.