Explore a comprehensive conference talk that challenges conventional security practices and introduces the concept of "shifting left" in software development. Delve into the journey of adopting Security BSides Group (SBG) methodologies, examining both successes and challenges. Learn how to gather essential data, address knowledge gaps, and transform security teams from enforcers to enablers. Discover strategies for upskilling developers and testers, and understand the evolving role of penetration testing in modern security frameworks. Gain insights into implementing a holistic security approach, achieving unexpected wins, and ultimately improving the bottom line through proactive security measures.
Overview
Syllabus
Obligatory $whomai slide
In the beginning...
Things went as well as you'd expect
So... We started to adopt the SBG way.
Victims of our own success
Shifting left...
Where to start?
Obtaining the data
Figuring out the missing bits
Being less scary
Being enablers instead of police
The results
Rollout plans
Upskilling Devs & Testers
Is pentesting dead?..... Hell no
Putting it all together
Full Circle & Unexpected Wins
Bottom line
Taught by
Security BSides London
