Explore common security communication failures and learn effective strategies for collaborating with developers in this 42-minute conference talk from OWASP AppSec EU 2018. Delve into the "hippo analogy" for security failures, drawing parallels between aid program experiences and the security community's approach to secure coding. Gain insights on identifying "(in-)secure hippos," avoiding communication pitfalls, and implementing best practices gleaned from a decade of security consulting experience. Discover how to bridge the gap between security professionals and developers, fostering better understanding and collaboration. Topics covered include the importance of listening, understanding developers' real problems, overcoming fear and uncertainty, embracing DevOps, improving visibility, and reframing security discussions to align with developers' perspectives.
Don't Feed the Hippos - Improving Security Communication with Developers
Overview
Syllabus
Introduction
I dont you motorbike
People traded teams
Twerking Africa
The Hippo Cell
Fear Uncertainty
DevOps
Be Visible
Meeting
Security
Developer vs Security
Why do we have brakes
The world understanding of the user
Taught by
OWASP Foundation
