Session Description

Culture is not something that can be purchased or fast-tracked. Especially when it comes to security culture, when “blocking” has been the nature of security. Building a security culture as an organizational enabler requires redefinition and consistent iteration as the organization in which it exists evolves.

This discussion will focus on the set of practices and principles to facilitate such changes. Including, but not limited: to moving from ultimate security to pragmatic security; enabling instead of blocking; saying yes to generate mindful risk acceptance.

At the end of this discussion participants will have been introduced to some of the concepts such as introducing security requirements early, leveraging test automation, and implementing security-by-design. They will learn how using Lighthouse projects with security sprints and bug bounties to reduce security debt, and socialize security and create synergies within your organization.