Being secure by design: Engineer-led security

This talk shares how the secure-enough software challenge can be solved by building an engineer-led security culture, leading to a culture of collaboration and confidence in good security choices.

Speakers: Dan Abel

June 25, 2025

Securely designed and maintained software is a must-have, but there are never enough experts to work with every team, review every design, and solve every problem.

The solution is often centralized control and managed releases that push engineers out of ownership of both security and software operation. Other orgs take a different path and risk the land of do-as-you-please, hoping their engineers make good enough choices with what they happen to know and focus on. Trust, enablement, and partnerships are rarely on the menu.

In the early 2020s, I had the opportunity to solve these problems. Valuing autonomy and flow in software delivery as much as solid security, I took a different approach: treating security as a platform to support and enable engineers and the company.

This talk demonstrates how a small team of engineers can have a big impact on security across a set of engineering teams. It will show how Product Squads can grow to co-own security with an organization’s IT stakeholders, so teams can keep shipping features whilst becoming more secure.

We’ll explore how you can engage with your engineering teams to own secure and safe delivery, empowering them to make timely, educated, and informed decisions. The talk provides a map of the journey we took, the values we lived, and what we learned on the way. It will help you create places in your culture where security can blossom and deliver more safety to your customers.

Key takeaways

  • How enabling your Product teams to co-own security can scale security operations
  • How a small team that’s focused on enabling this change can make a big difference
  • How to bring knowledge and set a standard that supports security knowledge growth in your teams
  • How the building of connective tissue across the org can support security and resilience