The world is shifting from waterfall to Agile ways of development, and technology is changing fast. Amidst all this, security teams are not able to keep up with the pace. This has led to an increase in the number, size, and frequency of breaches & supply chain attacks. In this talk, we discuss how to hack the developer mindset to Build Security into the product/application, as well as the methods and means to make it effective at scale. Here, I discuss the actual outcomes of this approach and present learnings from the successful execution of the ‘Security Champions Program’ that I designed & drove at scale. This program proved to be effective and was run for ~200 teams comprising ~3000 developers, and it continues to grow. During this process, we captured hundreds of threats (~650), taking them through a structured approach to track, manage and mitigate these issues on their project/DevOps dashboard. We also share the key metrics to measure, security mindset indicators, and what good looks like when Security is everyone's responsibility.
She is working as the Security Practice Lead at Thoughtworks India. Her area of work includes maturing the security practice along with timely threat identification, vulnerability management, assessment, security capability building & automation, with the goal of Building Security Into the application ecosystems. She is an OSCP and has spoken/trained at various security conferences such as BlackHat (Trainer, BIH-2017) and, as a speaker, c0c0n, rootconf & BSidesDelhi, and has organised villages at DefCon (Recon Village-2017) and Nullcon (Social Engineering Village: 2016-18). She started & organised a corporate security conference for Thoughtworks, SecConf (www.secconf.org). She is also on the review board for NullCon, bsidesSG & CySEK Marketplace.