Being Powerful While Powerless - Elevating Security By Leading Without Authority
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore strategies for elevating security by leading without authority in this 39-minute OWASP Foundation conference talk. Discover how to be powerful while powerless as the sole member of a security team, tackling extensive responsibilities and challenges. Learn technical approaches such as shifting left, writing code, automating processes, and implementing vulnerability management. Gain insights into cultural strategies, including identifying key stakeholders, maintaining authenticity, and teaching diverse classes. Examine real-world examples of success, like reducing phishing email clicks and collaborating effectively with engineers. Address the complexities of security leadership, including conflict resolution, priority management, and navigating difficult situations in both on-premises and cloud environments.
Syllabus
Introduction
Being the only member of the security team
What responsibilities I had
How much work is involved
What was up against me
Technical strategies
Push left
Writing code
Automating
Code Analysis
Vulnerability Management
Pentesting
Bug Bounty
Cultural Strategies
Key Stakeholders
Everything is okay
Be authentic
Be accessible
Teach different classes
When all of this works
Example
Not clicking on phishing emails
Working with engineers
It's not easy
Technical perspective
Cultural perspective
Being powerful while powerless
Conclusion
Does this work yet
Dealing with conflict
Premise or cloud
Difficult players
Managing priorities
Taught by
OWASP Foundation
Related Courses
Network Security
Offered By: Georgia Institute of Technology via Udacity
Proactive Computer Security
Offered By: University of Colorado System via Coursera
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
Offered By: (ISC)² via Coursera
Hacker101
Offered By: HackerOne via Independent
CNIT 127: Exploit Development
Offered By: CNIT - City College of San Francisco via Independent