Security features are becoming more important to our complete DevOps offering, and security people will be first-class citizens. Perhaps it's time to consider a role specifically for them. I'm not sure exactly what it would mean. Perhaps they'd be able to audit security results on projects, but otherwise be restricted like Developers or Reporters. Maybe eventually they'd used to approve/reject security-related changes.