DevOps (despite it's increasing popularity amongst both startups and now enterprises as well) still has a bad image with large chunks of the security community. While there are some challenges it brings, this negative reputation is largely undeserved and due to several critical myths around how DevOps breaks security or leaves security out of the equation. DevOps, when done right (and that is a key distinction) actually improves security of your applications. This is due to some very interesting, though initially counter-intuitive features of DevOps. We'll dismantle these myths, replace them with facts and perhaps generate a few legends of our own.