Explore strategies for evolving office security culture through selective breeding of ideas and practices in this conference talk from NolaCon 2016. Learn from real-world examples, including a critical failure and a persistent security initiative, to understand how culture change can be driven by people, technology, and policies. Discover methods for raising security awareness among developers, implementing effective training programs, and measuring the impact of learning activities. Gain insights into organizational maturity, policy enforcement, and the importance of secure coding practices. Examine survey results demonstrating the effectiveness of security awareness initiatives and leave with actionable strategies to improve your organization's security posture.
Overview
Syllabus
Intro
Pseudonyms
Story 1 - A failure that should never have happened.
Post Mortem
Culture the behaviors, beliefs, values, and symbols of a group that are passed along by communication and imitation from one generation to the next
Security the state of being free from danger or threat
Security Culture the behaviors, beliefs, values, and symbols of a group that help them be free from danger
Culture requires people Lets look at NOLACON NOLACON Culture
How can culture change? People Technology Policies
Policy Enforcement
Organizational Maturity
Story 2 - Persistence in the wake of oblivion
PreMortem What is the best case scenario?
Story Details Continued Talk to Pinky
More Story Details Again In the next meeting with Fred from Accounting
Story Conclusion Elevate to Angleton
Raising security awareness in developers
The need for training
Metrics Learning Metrics Measure the effectiveness of the learning activity · Surveys of before and after opinions and behaviours
Secure Coding Lunch'n Learn
Results On scale of 1 to 5 how knowledgeable are you of secure coding practices?
Results Continued On a scale of 1 to 5 how important is it to consider security while coding?
More Results I will be able to use the information in this class to improve the security of the code write.
Conclusions
Questions?
