Presentation: Security Champions: Only YOU Can Prevent File Forgery
What You’ll Learn
- Hear about Security Champions, what they are and what they are useful for.
- Learn how to become a Security Champion for your team.
- Find out how to apply specific security training to developers in major programming languages.
Abstract
As a Developer, there will come a time when you realize that you have the power to not only ship awesome features, but also protect them so that no one else can tamper with all your hard work. Every Developer is responsible for coding securely, but there are a brave few among us that will take this power one step further by wearing the mantle of a Security Champion.
This talk will be your guide to becoming the Security Champion you always wanted to be, in just 5 easy steps. We’ll also talk about what benefits you get out of it, besides saving the world, and what to do if your company doesn’t have a Security Champions program or even a Product Security program.
What is the focus of the work that you do today?
Right now I'm working at Synopsys on a team called Product Security, and the focus of our work is to increase the amount of security activities that the engineering team is doing for our products. Our goal is to make the most secure product possible and to increase the security mindset of our employees in the engineering department for the products that we have.
Tell me about your talk.
One of the aspects that I work on is a program called Security Champions. It's a really exciting way for people outside of the Product Security team to get involved in what I think are the more interesting parts of security, which is actually developing code in a secure way. For this program we have nominated one security champion per product, and that person goes through a process of training with me to become the advocate for security in their organization. Through that process, it's a great way for this individual to get more skills enhancement in security and become more of a key player in product development. As the security team introduces more security requirements into the product development lifecycle, that person becomes a key player in helping to execute on those security requirements, and becomes more of a champion and an advocate on their team to help the product team get through those security requirements successfully, so that there's no delay on release and there isn't any freeze for security vulnerability remediation that needs to happen.
That's why we call it Security Champion: because at the end of the release you could be the person that is the champion for the team, the one that stops the security team from having to delay the release.
It flips the adversarial relationship and makes it into a member of the team.
Yes, exactly. It's a partnership and we're really excited to show a security champion what is happening on our side of the fence and show them what we have to deal with and what our requirements are. On the flip side they get to show us what the business requirements are and what they're being pushed to do as far as features and releases and deadlines, and it creates a much more sympathetic relationship.
What's the focus of the talk?
The audience that I envision is developers, somebody that is senior enough to be able to speak to how changes in features and requirements affect change in the product. I am hoping to convince people to become security champions, and to take the advice and the process that I've created into your team as a developer and become a security champion. I'll talk about either how to request that a Security Champions program is built among your security team, or, if your company doesn't have the security team to support a Security Champions program, how you can be like an army of one in your organization without the support of the security team. I'll give you the step-by-step guide for what you should be looking out for to be that security champion even without the support.
So, coming to your talk I'll learn a step-by-step guide to becoming a security champion, and what the benefits of having security champions are. Any other major takeaways?
I'll also talk about specific training. For example, Java is a very popular secure coding training in our organization. There are a couple of popular languages that have some good training, so you could hit the ground running on becoming a champion.