Canonical interview question

Outline your thoughts on devops and devsecops. Which practices are effective, and which are overrated?