Security at Scale: Building and Scaling Effective Security Teams

Explore security strategies at scale in this 54-minute conference talk from Google's Security @ Scale 2014 event. Learn how Chris Evans built and scaled the security team for Chrome, the world's most heavily used web browser. Discover innovative approaches to security, including leveraging the broader security community, implementing transparent practices, and utilizing machine resources intelligently. Gain insights into the challenges of managing security for large-scale projects, the benefits of removing intermediaries, and the importance of going the extra mile. Examine real-world examples from the security war room, including responses to VUPEN and Flash JIT spray protection. Understand why security is not a zero-sum game and how to effectively scale security efforts using both human and machine resources.

Intro
The hopelessness of a security team?
Difference: Fix it yourself!
Difference: Celebrate the community
Stats :: VRP launch 1 :: Chromium
Difference Security is not a zero-sum game
Difference: Be transparent
Difference: Remove the middle man
Difference Remove the middle man
Difference: Go the extra mile
Tales from the war room
War room :: VUPEN :: response
Flash JIT spray protection rampage
Difference Scale intelligently using machine resources