A Worldwide Journey to Build a Secure Development Environment

Explore the journey of building a Secure Development Environment (SDE) in this 46-minute conference talk from RSA Conference. Join Dawn Cappelli, VP and CISO, and Geoffrey Storms, Director of Operations and Security at Rockwell Automation, as they share their experiences in designing and implementing an SDE for a global company developing various hardware and software products. Learn about the challenges faced in critical infrastructure environments, the importance of protecting crown jewels, and how to balance security with productivity. Discover insights on proper planning, change management, collaboration, and the tiered approach to SDE implementation. Gain valuable lessons on addressing insider risks, managing aging infrastructure, and fostering cultural adoption. Understand the concept of a Minimum Viable Product in security, the impact on developers, and strategies for reducing attack surfaces and improving response times. This talk provides a comprehensive roadmap for organizations looking to jumpstart their own SDE initiatives while navigating the complexities of global development environments.

Introduction
Why is Rockwell Automation building a secure development environment
Our customers are operating in critical infrastructure environments
We have to protect our crown jewels
Ransomware from the Bay Area
Insider Risk Case
Dawn Capelli
The Boding Story
The Hurricane Story
Proper Planning
Aging Infrastructure
Change Management
Collaboration
Tiers of SDE
Minimum Viable Product
Developers Are Happy
Action Plan
Attack Surface
Response Time
Security Levels
Development Resources
Office Environment
Tipping Point
Sequence
Rockwell Automation
Tiers
Organizational constructs
New initiative
Cultural adoption
Working around the system
Cut to the chase