Nazneen Rupawalla
Organizational Change Through The Power Of Why - DevSecOps Enablement
#1about 3 minutes
Why traditional security engagement creates bottlenecks
Security teams become a bottleneck when accountability is misplaced and feedback is provided too late in the development cycle.
#2about 1 minute
Creating a center of excellence for security
A center of excellence was established to make security planning scalable, measurable, and easier for teams to adopt.
#3about 3 minutes
Integrating security into existing team workflows
A security champion program and mapping controls into project management tools like Trello helps embed security into daily work.
#4about 4 minutes
Structuring security controls with the power of why
Each security control is framed with a 'why' to provide business context and a 'how' with actionable steps and tools.
#5about 3 minutes
Automating security tooling within the SDLC
Security tools for SAST, runtime security, and cloud misconfigurations are integrated into the CI/CD pipeline as acceptance criteria for controls.
#6about 2 minutes
Visualizing security progress with data-driven dashboards
Data from Trello boards is automatically collected via webhooks to create dashboards that track team progress on security controls.
#7about 3 minutes
Creating a security maturity model for leadership
Team-level data is aggregated into a high-level security maturity model to give leadership visibility and drive accountability.
#8about 1 minute
Building an effective security champion program
Nominating champions through tech leads, rather than relying on volunteers, increases the program's impact and motivation.
#9about 1 minute
Key takeaways for building a security culture
Explaining the 'why' behind security empowers teams to take ownership, while relationship building and automation are key to cultural change.
#10about 3 minutes
Q&A on program implementation and threat modeling
The discussion covers the program's 1.5-year implementation timeline, managing high-impact risks, and doing threat modeling every iteration.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
03:08 MIN
Shifting security left with collaborative threat modeling
We adopted DevOps and are Cloud-native, Now What?
02:54 MIN
Why security teams must scale through developer collaboration
Building Security Champions
05:31 MIN
From vulnerability researcher to automated security founder
The transformative impact of GenAI for software development and its implications for cybersecurity
08:08 MIN
How to shift left with a security champions program
Stranger Danger: Your Java Attack Surface Just Got Bigger
02:20 MIN
Why security is a shared responsibility for every role
What The Hack is Web App Sec?
03:15 MIN
Scaling AppSec teams by empowering developers
Why Security-First Development Helps You Ship Better Software Faster
01:17 MIN
Fostering a developer-first security culture
Walking into the era of Supply Chain Risks
04:25 MIN
Balancing developer and stakeholder security priorities
What The Hack is Web App Sec?
Featured Partners
Related Videos
48:02Building Security Champions
Tanya Janca
16:00DevSecOps culture
Ali Yazdani
23:34Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together
Stefania Chaplin
27:36Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?
Tino Sokic
21:53Simple Steps to Kill DevSec without Giving Up on Security
Isaac Evans
42:40Building Security Champions
Tanya Janca
27:32Security Pitfalls for Software Engineers
Jasmin Azemović
22:18Why Security-First Development Helps You Ship Better Software Faster
Michael Wildpaner
Related Articles
View all articles.gif?w=240&auto=compress,format)
.png?w=240&auto=compress,format)
From learning to earning
Jobs that call for the skills explored in this talk.
Peter Park System GmbH
München, Germany
Senior
Python
Docker
Node.js
JavaScript
Secura Knowledge Groups