Nazneen Rupawalla

Organizational Change Through The Power Of Why - DevSecOps Enablement

Is your security team a bottleneck? Learn a data-driven strategy to shift security ownership to developers and explain the 'why'.

Organizational Change Through The Power Of Why - DevSecOps Enablement
#1about 3 minutes

Why traditional security engagement creates bottlenecks

Security teams become a bottleneck when accountability is misplaced and feedback is provided too late in the development cycle.

#2about 1 minute

Creating a center of excellence for security

A center of excellence was established to make security planning scalable, measurable, and easier for teams to adopt.

#3about 3 minutes

Integrating security into existing team workflows

A security champion program and mapping controls into project management tools like Trello helps embed security into daily work.

#4about 4 minutes

Structuring security controls with the power of why

Each security control is framed with a 'why' to provide business context and a 'how' with actionable steps and tools.

#5about 3 minutes

Automating security tooling within the SDLC

Security tools for SAST, runtime security, and cloud misconfigurations are integrated into the CI/CD pipeline as acceptance criteria for controls.

#6about 2 minutes

Visualizing security progress with data-driven dashboards

Data from Trello boards is automatically collected via webhooks to create dashboards that track team progress on security controls.

#7about 3 minutes

Creating a security maturity model for leadership

Team-level data is aggregated into a high-level security maturity model to give leadership visibility and drive accountability.

#8about 1 minute

Building an effective security champion program

Nominating champions through tech leads, rather than relying on volunteers, increases the program's impact and motivation.

#9about 1 minute

Key takeaways for building a security culture

Explaining the 'why' behind security empowers teams to take ownership, while relationship building and automation are key to cultural change.

#10about 3 minutes

Q&A on program implementation and threat modeling

The discussion covers the program's 1.5-year implementation timeline, managing high-impact risks, and doing threat modeling every iteration.

Related jobs
Jobs that call for the skills explored in this talk.

test

Milly

Milly
Vienna, Austria

Intermediate
.NET
TypeScript
+1

Matching moments

From vulnerability researcher to automated security founder
05:31 MIN

From vulnerability researcher to automated security founder

The transformative impact of GenAI for software development and its implications for cybersecurity

Shifting security left with collaborative threat modeling
03:08 MIN

Shifting security left with collaborative threat modeling

We adopted DevOps and are Cloud-native, Now What?

Why security teams must scale through developer collaboration
02:54 MIN

Why security teams must scale through developer collaboration

Building Security Champions

Why security is a shared responsibility for every role
02:20 MIN

Why security is a shared responsibility for every role

What The Hack is Web App Sec?

How to shift left with a security champions program
08:08 MIN

How to shift left with a security champions program

Stranger Danger: Your Java Attack Surface Just Got Bigger

Fostering a developer-first security culture
01:17 MIN

Fostering a developer-first security culture

Walking into the era of Supply Chain Risks

Balancing developer and stakeholder security priorities
04:25 MIN

Balancing developer and stakeholder security priorities

What The Hack is Web App Sec?

Scaling AppSec teams by empowering developers
03:15 MIN

Scaling AppSec teams by empowering developers

Why Security-First Development Helps You Ship Better Software Faster

Featured Partners

Related Videos

See all videos
DevSecOps culture16:00

DevSecOps culture

Ali Yazdani

Building Security Champions48:02

Building Security Champions

Tanya Janca

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together23:34

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Stefania Chaplin

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?27:36

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?

Tino Sokic

Simple Steps to Kill DevSec without Giving Up on Security21:53

Simple Steps to Kill DevSec without Giving Up on Security

Isaac Evans

Building Security Champions42:40

Building Security Champions

Tanya Janca

DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Why Security-First Development Helps You Ship Better Software Faster22:18

Why Security-First Development Helps You Ship Better Software Faster

Michael Wildpaner

Related Articles

View all articles
BB
Benedikt Bischof
Building Security Champions
Welcome to this issue of the WeAreDevelopers Dev Talk Recap series. This article recaps an interesting talk by Tanya Janca who gave advice about how to find and teach the perfect persons to be your security champions. What you will learn:‍- How to at...
Building Security Champions
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
Dev Digest 134 - Where pixels sing?
News and ArticlesWeAreDevelopers LIVE Data and Security Day is on Wednesday, 25/09/2024. Learn about OPC UA Updates, Best Practices for Using GitHub Secrets, Passwordless Web 1.5, Emerging AI Security Risks, Data Privacy in LLMs and get a chance to t...
Dev Digest 134 - Where pixels sing?
JC
Jordan Cutler
A Guide to Public Speaking For Software Engineers
“Your technical skills are where they need to be, but you need to improve your communication.” - Your manager. This is one of the hardest pieces of feedback to hear as a software engineer. Why? Because you probably thought as a software engineer you ...
A Guide to Public Speaking For Software Engineers

From learning to earning

Jobs that call for the skills explored in this talk.