Steps to Creating Security Champions on your Application Development Team - Seguridad Mania.com - España y América Latina

One of the most powerful things an organization can do to improve its security posture is to cultivate security-mindedness in its developers. Security and development teams often feel at odds with one another and yet they share a common goal: to put quality code into production. Bringing these teams into closer contact gives them a deeper understanding of each other’s pressures, priorities, and processes. Developers are well-positioned to address application security. By designing applications with security in mind, and finding and fixing flaws early in the software development lifecycle, developers shift security left. In doing so they both lighten the burden on the security team and reduce unplanned work for themselves down the road. An interested developer—given the right direction, encouragement, and tools—can become an effective security champion. Join this session to learn how to identify the right developers for this role and how to best train and support them over time. Your security champions will advocate for security as a non-negotiable component of code quality and in turn foster security-mindedness in their peers, amplifying security knowledge across the organization. About the speaker: Ryan O’Boyle is a Principal Security Researcher at Veracode, and a certified ScrumMaster. Prior to joining Veracode, he helped create the internal penetration testing team at Fidelity Investments, where he was focused not only on finding vulnerabilities but helping engineers fix them and avoid them altogether. This session is part of Veracode's "Your AppSec Game Plan" Summit.