Dan Abel @ Fast Flow Conference

Being Secure By Design: Engineer Led Security

Deep dives and follow-ups

(Title Photo by Peter Conrad on Unsplash)

Dan’s deep dives

1. Engineering a solution to security

2. Navigating security challenges: the art of risk register creation

3. Building paved paths to raise a secure tide

4. 'With Great Power...' Making security documentation that matters

5. Want secure products? Start your engineers thinking like hackers

Appendix

1. Interview with George, one of our POC team engineers

Security incidents

1. M&S cyberattack news article

2. Co-op cyber-incident response

3. Booking.com ActionFraud police alert

4. Doordash data breach article

5. Doordash driver scam article

Security Primers

• Web security beginner? Start here: OWASP top 10

• What is Devsecops?

Integrating Security

• GOTO 2015: The Road To Being Rugged (Shannon Lietz) [Slides] [Video]

• BSidesSF 2022: Why Security Engineers and Product Managers should be working together [Slides][Video]

• Github: How empowering developers helps teams ship secure software faster

• Forbes: Why Organizations Need A Developer-Centric Security Approach

• Security Champion framework

• Why Security Champions are not the silver bullet

• Snowflake: Keeping [security] all together at scale

Organisational Change Backgrounders

(for managing change and team operation)

1. Use the Team Onion for silo awareness and team boundary understanding

2. Use the Lippitt-Knoster Model for Managing Complex Change to spot weaknesses in your planning

3. Operate over People, Process, Technology (and Culture)

4. Respect and build the invisible-infrastructure that PPT misses