Infrastructure security overview
Infrastructure and development are broad technical areas. Each has numerous distinct conceptual layers and components that integrate with one another. The provided best practices also take into account the complex relationship between infrastructure and development.
Application development and infrastructure security
Application development security relies on infrastructure security. If an application's underlying infrastructure (such as virtual machines) is compromised, attackers who gain control of the infrastructure can almost always gain control of the application and its data as well. Applications and the build processes that host CI/CD often run on infrastructure operated by an organization (or on a SaaS application managed through infrastructure admin personnel and accounts).
As with all technology disciplines, take a "continuous improvement" approach. Start out with quick wins and continue with incremental progress toward a "north star"—a specified end state across your security strategy, architecture, implementation, and operations.