The North Star: Risk-Driven Security - DevSecCon

Discover a modern approach to security with this 42-minute DevSecCon conference talk on risk-driven security. Learn how to implement risk-first threat modeling, using business risk as the guiding principle to identify and prioritize critical threats. Gain insights into finding risks and vulnerabilities in code and architectures, and develop a clear understanding of your most significant weaknesses. Acquire a flexible and simple method for identifying and reducing security risks that can be easily explained to other teams and stakeholders. Understand how to gain buy-in, funding, and support for risk-reduction efforts by connecting security concerns to business objectives. Explore the benefits of threat modeling, which can be introduced at any point in a system's lifecycle and provides lasting security advantages. By the end of the talk, be equipped with practical knowledge to immediately implement this approach in your team and systems. Join the DevSecCon Discord community for further discussions and resources on security practices.