It’s Time to Treat Software Engineers as Security Evangelists

•

0 recomendaciones•448 vistas

Darren Hickling MBCS

Presentation given during the Enterprise Security and Risk Management conference 2018.

Tecnología

It’s Time to Treat
Software Engineers as
Security Evangelists
Darren Hickling

Software
engineering is
incredibly diverse

It is difficult to
prioritise security
development, even
with support!

Keeping pace
with technology
is a daily effort

Aware of
security flaws,
not necessarily
how to prevent
and mitigate

Try and follow
trends, often
without guidance

Time to evaluate
is limited and
precious

Similar
challenges
exist for all
companies
of any size

What do software
engineers expect,
then?

Consider a free
model for open-
source projects

Look to sponsor
blogs, events and
projects

Ensure it is easy to
install and configure
on any platform

Más contenido relacionado

La actualidad más candente

Prove it, ship it! - XP2010 Lightning talk

Anders Sveen

Join us for a webinar featuring Forrester VP and Research Director Amy DeMartine to learn more about why open source security has become critical for securing modern applications, the main considerations when evaluating an open source security and license compliance solution and what she sees in store for the future. Additionally, WhiteSource Senior Director of Product Marketing, Jeff Crum, will discuss recent analysis of the Software Composition Analysis (SCA) market, including takeaways from The Forrester Wave™: Software Composition Analysis, Q2 2019.

Taking Open Source Security to the Next Level

WhiteSource

Mobile security new challenges practical solutions

Interop

Security Architecture

Phil Huggins FBCS CITP

State of DevSecOps - GTACS 2019

Stefan Streichsbier

State of DevSecOps - DevSecOpsDays 2019

Stefan Streichsbier

The road goes ever on and on by Ciaran Conliffe

DevSecCon

State of DevSecOps - DevOpsDays Jakarta 2019

Stefan Streichsbier

The Unlikely Couple, DevOps and Security. Can it work?

Todd Benson (I.T. SPECIALIST and I.T. SECURITY)

Tribune Media Sec Architect

Jacob Twisdale

The year is 2031, how has software development and security evolved in the last decade? Are there any developers or security folks left? Have robots taken our jobs? We will join Security Engineer Sam, that is responsible for securing a cutting edge application for a hot fintech company in the year 2021. The app has just completed a major release and Sam is sharing her progress and learnings with her peers at a local OWASP meetup. After a night of celebration she wakes up and finds her future self jumping out of a time-machine in her bedroom closet. Time travel paradoxes aside, the future of the world is at stake because a sentient A.I. is threatening to hack the planet. There is a small task force that has been working for a decade on finding a way to finally solve secure software development, and they have done it! There is no time to waste, you are joining your future self to go to the year 2031 and learn what they have learned to bring that knowledge back to present and avoid the dark future from ever happening.

DevSecOps in 2031: How robots and humans will secure apps together Log

Stefan Streichsbier

ALM and DevOps in the health industry

Agile Partner S.A.

Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements. However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software. Join Guy Bar-Gil, Product Manager at WhiteSource, as he discusses: 1. The four layers of open-source security 2. How to integrate continuous security into your SDLC 3. Best practices for organizations to own and execute the security process

Open Source Security: How to Lay the Groundwork for a Secure Culture

WhiteSource

Team MESA - Make Elderly Safe Again

James Neo

Operational security engineer architect

Mark Long

DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018

Adhitya Hartowo

DevOps Indonesia - DevSecOps - Application Security on Production Environment

Adhitya Hartowo

Compared to traditional software engineering, agile development is mainly targeted at projects with dynamic, undeterministic and non-linear characteristics, where accurate estimates, stable plans and predictions are often hard to get in early stages, and big up-front designs and arrangements will probably cause a lot of waste, i.e. are not economically sound. Agile software development is a group of software development methods in which requirements and solutions evolve through collaboration between self-organizing, cross-functional teams. It promotes adaptive planning, evolutionary development, early delivery, continuous improvement and encourages rapid and flexible response to change. It is a conceptual framework that focuses on frequently delivering small increments of working software.

Agile Software Development

Devasis Roy

Managing Application Security Risk in Enterprises - Thoughts and recommendations

Thierry Zoller

Collaborative Security: An approach to tackling Internet security issues

Internet Society

La actualidad más candente (20)

Prove it, ship it! - XP2010 Lightning talk

Taking Open Source Security to the Next Level

Mobile security new challenges practical solutions

Security Architecture

State of DevSecOps - GTACS 2019

State of DevSecOps - DevSecOpsDays 2019

The road goes ever on and on by Ciaran Conliffe

State of DevSecOps - DevOpsDays Jakarta 2019

The Unlikely Couple, DevOps and Security. Can it work?

Tribune Media Sec Architect

DevSecOps in 2031: How robots and humans will secure apps together Log

ALM and DevOps in the health industry

Open Source Security: How to Lay the Groundwork for a Secure Culture

Team MESA - Make Elderly Safe Again

Operational security engineer architect

DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018

DevOps Indonesia - DevSecOps - Application Security on Production Environment

Agile Software Development

Managing Application Security Risk in Enterprises - Thoughts and recommendations

Collaborative Security: An approach to tackling Internet security issues

Similar a It’s Time to Treat Software Engineers as Security Evangelists

• Implementation of a Secure Development Lifecycle (SDL) program ensures that security is inherent in good enterprise software design and development, not an afterthought included later in production. Taking an SDL approach yields tangible benefits such as ensuring that all software releases meet minimum security criteria, and that all stakeholders support and enforce security guidelines. Furthermore, the elimination of software risk early in the development cycle, when vulnerabilities are easier and less expensive to fix, provides a systematic approach for information security teams to collaborate with during the development process. This sounds like a great strategy. Discuss issues and problems that the analyst/designer may face if this strategy is adopted organization wide. Provide specific examples..

Implementation of a Secure Development Lifecycle (SDL) program ensures.pdf

adhityalapcare

A journey into Application Security

Christian Martorella

Secure software development.pdf

IntuitiveCloud

The Netizen Approach to Security and Innovation

Netizen Corporation

Respresenting Cyber Defense Community (cdef.id) to present and share my view on Secure DevOps / DevSecOps. Through this presentation, I shared several insights about: 1. How to balance the risk and controls in the "great shift left" paradigm (agile) 2. DevOps activities 3. How to seamlessly integrate security into DevOps 4. How to "shift left" the security" 5. Get started with Secure DevOps / DevSecOps 6. Case Study about DevSecOps implementation For further discussion, especially how to secure digital and agile transformation in your organization, don't hesitate to contact me :)

Protecting Agile Transformation through Secure DevOps (DevSecOps)

Eryk Budi Pratama

A detailed guide about dev secops

Enov8

Open Security and Privacy Reference Architecture

Asim Jahan

_Best practices towards a well-polished DevSecOps environment (1).pdf

Enov8

In the fast-paced world of software development, DevOps practices have become essential for driving efficiency and collaboration. However, amid the rush for speed, organizations must not overlook security and compliance. This article delves into the crucial role of DevOps consulting services in helping businesses strike the perfect balance between agility and robust security. Discover the best strategies to achieve security and compliance in DevOps with the guidance of expert consulting services. From shifting security left in the development process to implementing automation for continuous security checks, these services play a pivotal role in fostering a DevSecOps culture. Furthermore, they assist in maintaining compliance with industry standards and regulations, safeguarding businesses against potential threats and vulnerabilities. By leveraging the expertise of DevOps consulting services, organizations can confidently navigate the intersection of speed and security. Embrace the benefits of DevOps while ensuring your software systems remain secure, reliable, and compliant with the assistance of these invaluable consulting partners.

Achieving Security and Compliance in DevOps Best Strategies.pdf

Urolime Technologies

Enhance your projects with SynergyTop's expertise in Security for Software Development. Our tailored solutions ensure robust protection throughout the development lifecycle, safeguarding against threats. Trust us to implement industry-leading security measures for your software projects. Partner with SynergyTop to fortify your software development endeavors. To know more, read the blog at: https://tinyurl.com/3cb98788

Security For Software Development - SynergyTop

SynergyTop Inc.

Security Culture from Concept to Maintenance: Secure Software Development Lif...

Dilum Bandara

DevSecOps for Agile Development: Integrating Security into the Agile Process

Dev Software

Software risk management

Jose Javier M

DevSecOps Personas – what Developers, Security, and Operations think when it comes to people/tech/processes/culture when it comes to rolling out DevSecOps programs. Each of these teams have different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program. As Dale Carnegie said, ‘The only way to get anyone to do anything, is to make them want to do it’ - all the tech and process in the world isn’t going to make it successful if the people and culture (and heart) are not in it. So let’s share what we’ve seen from 100s of company interactions, understand better where everyone is coming from, and how to approach a DevSecOps program that can move the needle like Marty McFly playing Doc Brown’s guitar. We’ve love this to be interactive, so bring your stories and questions. Gary's Bio Gary Robinson has been working in software and cyber security for 20+ years, as a coder, pen tester, consultant, Security Architect at Citi, Global Board member at OWASP, and heading up Uleska to focus on DevSecOps for the last 5 years. Gary’s focused on the people, process, technology, and culture aspect of DevSecOps – as someone who’s worked in all three spaces during his time – and what drivers, blockers, etc each experience with ‘DevSecOps’, ‘shift-left’, ‘secure by design’, and the rest. -------- Find out more about us  www.uleska.com/ Follow us on LinkedIn  https://www.linkedin.com/company/uleska/ Follow us on Twitter  https://twitter.com/uleska_sec/

The Teams Behind DevSecOps

Uleska

Fortify-Application_Security_Foundation_Training.pptx

YoisRoberthTapiadeLa

Fortify-Application_Security_Foundation_Training.pptx

VictoriaChavesta

In the fusion between DevOps and DevSecOps, the pace and agility of the DevSecOps approach made AppSec and InfoSec were a little left behind. The DevOps squad topology does not involve any of the organization's AppSec and InfoSec Engineer. Many DevOps team are also not included them since they lack the information on how to manage and configure DevOps CI / CD pipelines and DevSecOps approaches. There's no shortage of talent — you probably don't have a mission worth getting out of bed or a culture that fosters continuous learning such DevSecOps skill and tools and growth where people feel psychologically safe. Besides, there is no shortage of skills — most have a poor understanding of what they need to be successful or the skills that need to leverage to improve their security posture.

Why Security Engineer Need Shift-Left to DevSecOps?

Najib Radzuan

A detailed guide about dev secops.docx

Enov8

Influential Business Leaders in Security services | CIO Look

CIO Look Magazine

Your organization has already embraced the DevOps methodology? That’s a great start. But what about security? It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case. Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss: - Why traditional DevOps has shifted, and what this will mean - Who should own security in the age of DevOps - Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline

From Zero to DevSecOps: How to Implement Security at the Speed of DevOps

WhiteSource

Similar a It’s Time to Treat Software Engineers as Security Evangelists (20)

Implementation of a Secure Development Lifecycle (SDL) program ensures.pdf

A journey into Application Security

Secure software development.pdf

The Netizen Approach to Security and Innovation

Protecting Agile Transformation through Secure DevOps (DevSecOps)

A detailed guide about dev secops

Open Security and Privacy Reference Architecture

_Best practices towards a well-polished DevSecOps environment (1).pdf

Achieving Security and Compliance in DevOps Best Strategies.pdf

Security For Software Development - SynergyTop

Security Culture from Concept to Maintenance: Secure Software Development Lif...

DevSecOps for Agile Development: Integrating Security into the Agile Process

Software risk management

The Teams Behind DevSecOps

Fortify-Application_Security_Foundation_Training.pptx

Why Security Engineer Need Shift-Left to DevSecOps?

A detailed guide about dev secops.docx

Influential Business Leaders in Security services | CIO Look

From Zero to DevSecOps: How to Implement Security at the Speed of DevOps

Último

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

How to convert PDF to text with Nanonets

naman860154

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Histor y of HAM Radio presentation slide

vu2urc

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Evaluating the top large language models.pdf

ChristopherTHyatt

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal