Overview
Explore strategies for evolving your organization's security culture in this 26-minute conference talk from DerbyCon 2016. Delve into topics such as pseudonyms, post-mortem analysis of security failures, the importance of people in shaping culture, policy enforcement, and organizational maturity. Learn about persistence in the face of challenges, the necessity of training, metrics for measuring progress, and the value of secure coding practices. Gain insights on implementing security lunch-and-learn sessions and access valuable resources to enhance your office's security posture.
Syllabus
Intro
whoami
Pseudonyms
A failure that should never have happened.
Post Mortem
Security Culture
Culture requires people
How can culture change?
Policy Enforcement
Organizational Maturity
Persistence in the wake of oblivion
Story Conclusion
The need for training
Metrics
Secure Coding Lunch’n Learn
Addendum
Conclusions
Resources
Questions?