Engineering Empathy - Adapting Software Engineering Principles and Process to Security

Explore a live retrospective of a professional role reversal in this 40-minute Black Hat conference talk. Discover how software engineering principles and processes can be adapted to enhance security engineering teams. Learn from the experiences of a principal security engineer placed in a runtime team and a principal software engineer integrated into a platform security assessment team. Gain insights into software design principles like KISS, DRY, and TDD, as well as software engineering processes including prioritization, work planning, and customer interviews. Examine how DevOps culture and organizational changes can improve security practices through automation and shifting left. Enhance your understanding of the synergies between software engineering and security engineering to create more effective and efficient teams.

Intro
Learning from software engineers
Software design principles
KISS (keep it Small and Simple)
DRY (Don't Repeat Yourself)
TDD (Test-Driven Development)
Software engineering processes
Prioritization, work and capacity planning
Retrospectives
Customer interviews, user research
Devops culture and Organizational level changes
Remove toil through automation
Shifting left
Conclusion