Steps to Creating Security Champions on your Development Team

Presented by

Ryan O'Boyle, Manager, Product Security, Veracode

About this talk

One of the most powerful things an organization can do to improve its security posture is to cultivate security-mindedness in its developers. Security and development teams often feel at odds with one another and yet they share a common goal: to put quality code into production. Bringing these teams into closer contact gives them a deeper understanding of each other’s pressures, priorities, and processes.

Developers are well-positioned to address application security. By designing applications with security in mind, and finding and fixing flaws early in the software development lifecycle, developers shift security left. In doing so they both lighten the burden on the security team and reduce unplanned work for themselves down the road.

An interested developer—given the right direction, encouragement, and tools—can become an effective security champion. Join this session to learn how to identify the right developers for this role and how to best train and support them over time. Your security champions will advocate for security as a non-negotiable component of code quality and in turn foster security-mindedness in their peers, amplifying security knowledge across the organization.

About the speaker

Ryan O’Boyle is a Principal Security Researcher at Veracode, and a certified ScrumMaster. Prior to joining Veracode, he helped create the internal penetration testing team at Fidelity Investments, where he was focused not only on finding vulnerabilities but helping engineers fix them and avoid them altogether.

This session is part of Veracode's "Your AppSec Game Plan" Summit.