Session Name: Your Developers Decide Your Security Posture, Not Your Security Teams
In many traditional enterprises, I have observed that security is regarded as the responsibility of the CISO/security office. They roll out new tools, and new policies, and adopt new frameworks. While that is good, and required, most such security initiatives fail at scale, when trying to be adopted by hundreds of teams across an enterprise. In today's world, they key to your enterprise is in the hands of the developers. No security initiative will succeed unless you involve the development team, and ensure that the security processes and frameworks do not conflict with developer experience or productivity. Only by pure collaboration between dev and security teams, can we achieve a truly secure organization, that is resilient to vulnerabilities and threats of all shapes and sizes. The idea is that after this talk, the audience should appreciate that security is no more a siloed function or independent unit within the enterprise, or the duty of a single horizontal team spread across multiple business entities. It is a collective responsibility, and security needs to be encoded into the DNA of development teams, with a strong focus on training them on security best practices, providing them the tools to maintain a strong security posture, but at the same time, ensuring that developer experience is not compromised in any way.
Currently working as an Assistant Director for Cloud Platform in EY GDS. Have overall 10-year experience in IT, with 5+ years in Cloud technologies. Before EY, I was working as a Cloud Solution Architect in Accenture and PwC India. I have worked with multiple enterprises in assisting them in their journey to the cloud , and also helped establish best practices for architecture and governance in the cloud.