06 Oct 13:45 — 14:30
About the session
We’ve all been part of a huge transformation of the software delivery process over the last decade. By adopting a set of effective practices we’ve improved how we build, test, deploy, and operate software systems, gaining faster time to market and more reliable systems.
So why does securing our systems so often feel disruptive, box ticky, and well… hard? The hundreds of questions, the weeks of pen testing, the avalanche of spreadsheets? Over the last 5 years I’ve helped product delivery teams in several organisations improve how they build secure systems and comply with security requirements while enabling modern, agile and productive delivery.
In this talk I’ll explore some of the most common problems encountered when securing products, diving into causes and providing concrete, practical and battle-proven techniques to help you solve them. I’ll explore:

- “Black-box security reviews and tests are blocking my release”
- “A massive chunk of security work just landed on me out of nowhere”
- “I can’t prove the value of any of this security work, other than I ticked some boxes and gained an approval”
- “I spend hours and hours doing the same security activities and fixes, and so does everyone else I speak to”

Join me, and let’s talk about how to overcome these problems!
- Empowering delivery teams to self-assess is key to genuinely securing software delivery
- Measuring security health is possible, and can be used to scale, prioritise and celebrate positive security improvements
- Empathy for your InfoSec team is crucial: they want to succeed, and they’re part of the same organisation as you
- Friction and wasted time in security processes can, and must, be removed
Themes: Security, DevSecOps, Value Stream, Transformation, Agile