Playbook on How to Be the First Security Engineer at a Company

Discover essential strategies for becoming the inaugural security engineer at a company in this 46-minute conference talk from 44CON Information Security Conference. Learn how to make an immediate impact, implement secure practices, and establish effective documentation processes. Explore data storage guidelines, education techniques, and methods for fostering developer empathy. Gain insights into automation, alert systems, and the build vs. buy decision-making process. Understand the responsibilities and perks of being a security champion, and delve into specific security initiatives such as Azure Security and iPad signing techniques. Prepare yourself for this crucial role by considering important factors before accepting the position and engaging in a Q&A session to address any lingering concerns.

Intro
DUO SECURITY
ELEVATE SECURITY
Objective
First things First
Make an impact early
Secure, Document, Repeat!
Data Storage guidelines
Education, Evangelism and Communication
Workshops and knowledge transfer
Developer empathy
Motivation
WHAT?
Responsibilities of the Security Champs
Perks of being a Security Champ
Advantages
Automation and Alerts
Build vs Buy
Azure Security
iPad signing Technique
CorpSec initiatives
Before you say Yes
Questions?