Explore the challenges and evolving landscape of cybersecurity in this thought-provoking conference talk. Delve into the disconnect between security teams and developers, examining why organizations struggle to integrate security effectively into their technology processes. Learn from a seasoned security professional's 20-year journey, as he shares insights on moving beyond the "Church of No" mentality and offers practical lessons for achieving a DevSecOps utopia. Discover the importance of usable security, the need for partnership between security and development teams, and strategies for overcoming the industry's image problem. Gain valuable perspectives on security truisms, the concept of security as a vector, and the significance of resilience and education in building a strong security mindset. Understand the critical role of enabling, empowerment, and blamelessness in fostering a culture of shared responsibility for cybersecurity across organizations.
Overview
Syllabus
Intro
Lions Den
Security will not improve
Keynote should start with a hypothesis
The security industry
The failure of the security industry
Free therapy
Sorry
Youre Dumped
Where Are We Going
The People Problem
Demonisation
People problem
Venn diagram
People and technology
Security industry
What is usable security
The partnership aspect
The image problem
We need to stop this
We need to grow up
This isnt just the fun
My first language
Security truisms
Security is incomplete
Security is a vector
Its also not static
Its also not zero risk
Security teams find it hard
Etsy
Phishing Test
Resilience Fishing Education
Security Education
Security Mindset
Enabling
Power
Blamelessness
Principles
The most important thing
Wrap up
We need your help
By definition Securitys people centric
Security should not be a thing
Its a shared responsibility
Hold them to account
Take your lessons
Enable transparent blameless
Taught by
USENIX
