Nazneen Rupawalla
Organizational Change Through The Power Of Why - DevSecOps Enablement
#1about 3 minutes
Why traditional security engagement creates bottlenecks
Security teams become a bottleneck when accountability is misplaced and feedback is provided too late in the development cycle.
#2about 1 minute
Creating a center of excellence for security
A center of excellence was established to make security planning scalable, measurable, and easier for teams to adopt.
#3about 3 minutes
Integrating security into existing team workflows
A security champion program and mapping controls into project management tools like Trello helps embed security into daily work.
#4about 4 minutes
Structuring security controls with the power of why
Each security control is framed with a 'why' to provide business context and a 'how' with actionable steps and tools.
#5about 3 minutes
Automating security tooling within the SDLC
Security tools for SAST, runtime security, and cloud misconfigurations are integrated into the CI/CD pipeline as acceptance criteria for controls.
#6about 2 minutes
Visualizing security progress with data-driven dashboards
Data from Trello boards is automatically collected via webhooks to create dashboards that track team progress on security controls.
#7about 3 minutes
Creating a security maturity model for leadership
Team-level data is aggregated into a high-level security maturity model to give leadership visibility and drive accountability.
#8about 1 minute
Building an effective security champion program
Nominating champions through tech leads, rather than relying on volunteers, increases the program's impact and motivation.
#9about 1 minute
Key takeaways for building a security culture
Explaining the 'why' behind security empowers teams to take ownership, while relationship building and automation are key to cultural change.
#10about 3 minutes
Q&A on program implementation and threat modeling
The discussion covers the program's 1.5-year implementation timeline, managing high-impact risks, and doing threat modeling every iteration.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
24:17 MIN
Shifting security left with collaborative threat modeling
We adopted DevOps and are Cloud-native, Now What?
00:17 MIN
The cultural shift from DevOps to DevSecOps
You can’t hack what you can’t see
14:01 MIN
Security is now a shared responsibility across all teams
The Evolving Landscape of Application Development: Insights from Three Years of Research
08:53 MIN
Integrating security into the DevOps lifecycle with DevSecOps
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
29:56 MIN
Q&A on speed, team adoption, and common mistakes
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
03:58 MIN
Why security must be integrated from the start
DevSecOps: Security in DevOps
39:50 MIN
Q&A on Team Topologies, security, and cultural change
Fast Flow, Not Fast Fluff: Embracing an Eclectic DevOps Coaching Approach
28:42 MIN
Key lessons learned from implementing DevSecOps
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
Featured Partners
Related Videos
16:00DevSecOps culture
Ali Yazdani
48:02Building Security Champions
Tanya Janca
21:53Simple Steps to Kill DevSec without Giving Up on Security
Isaac Evans
23:34Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together
Stefania Chaplin
27:36Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?
Tino Sokic
21:54Real-world Threat Modeling
Ali Yazdani
22:18Why Security-First Development Helps You Ship Better Software Faster
Michael Wildpaner
27:32Security Pitfalls for Software Engineers
Jasmin Azemović
From learning to earning
Jobs that call for the skills explored in this talk.
Security Engineer - Scrum Master
SD Worx Staffing Solutions
Senior
Scrum
DevOps
Python
Powershell
Data analysis
Senior DevSecOps Engineer - Cloud, CI/CD & Security Automation ID10119-13
mund consulting AG
Senior
API
Bash
Azure
Scrum
DevOps
+10