How to Transform Developers into Security People

Learn how to transform developers into security-minded professionals in this conference talk from Converge 2017. Explore the challenges of integrating security into software development, understand why traditional security approaches often fail, and discover effective strategies to cultivate a security-focused mindset among developers. Gain insights on influencing security culture, providing foundational lessons, and implementing practical techniques such as threat modeling, code review, and red teaming. Discover how to leverage automation, management education, and community building to create a more secure development environment. Apply these lessons to transform your development team into security champions and enhance your organization's overall security posture.

Introduction
Agenda
Software is eating the world
The average developer
Software eating the world
Why we cant do security
Security department
Security IQ
Developers are not monsters
Developers that think like security people
Embedding this mindset
How to reach developers
Start with why
Influence a security culture
Developers are the key
Research
Unfamiliar
Provide foundational lessons
Everyone is a security person
The overworked group
Automate
Management Education
The Apathetic Complacent
Shock Value
Compliance
Fun
Community
Most Common Response
Security Behavior
Security Habits
Learning
Experience
Security Community
Resource Planning Exercise
Threat Modeling
Code Review
Red Teaming
Response
Summary
Apply what youve learned
Quick summary
Happy hour