@rune@mastodon.nzoss.nz Well, that's pretty much all to the organisational culture and process. I'm part of two large devops projects, in both 100% of infra is managed - one uses Puppet, the other one Ansible. This includes deployment of applications too.

As as devsecops guy I know like noone else how difficult it is to convince anyone to (OMG!) reboot a server and get new kernels installed but I'm just using case studies of actual breaches or near miss at our competitors to make this convincing :)