DevOps teams still think of Security as “the people who say no.” However, DevOps are Security’s best allies in getting basic security improvements in place. Using the framework of the CIS Critical Security Controls (chiefly the ones classified as Basic), we will explain the ways that Security teams can sell security improvements to the DevOps/SRE/Automation teams and help them get their priorities addressed.For example, while having an inventory of all hardware and/or cloud assets is critical to speedy investigation of incidents, it is also critical to keeping systems within SLAs for their lifecycle and ensuring that billing for resources is correct. Likewise, the other Basic Critical Security Controls line up directly with DevOps and Automation teams’ priorities, and Security teams can meet their goals of improving the security of the company at the same time.