
Insecurity in Information Technology _full-length

Title: Insecurity in Information Technology

Abstract:
A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This silo-filled, tension-laced situation, coupled with short deadlines and pressure from management, often leads to stress, anxiety and less-than-ideal reactions from developers and security people alike.
This talk will explain how job insecurities can be brought out by IT leadership decisions, and how this can lead to real-life vulnerabilities in software. This is not a talk about “feelings”; this is a talk about creating programs, governance and policies that ensure security throughout the entire SDLC.

No more laying blame and pointing fingers; it’s time to put our egos aside and focus on building high-quality software that is secure. The cause and effect of insecurities and other behavioral influencers, as well as several detailed and specific solutions, will be presented that can be implemented at your own place of work, immediately. No more ambiguity or uncertainty from now on, only crystal-clear expectations.

Published in: Technology

  1. Insecurity in Information Technology. Tanya Janca, TaJanca@Microsoft.com, Tanya.Janca@owasp.org. OWASP Ottawa Chapter Leader, OWASP DevSlop Project Leader. @SheHacksPurple
  3. All of this creates the feeling of insecurity about people’s jobs and how to do them well. This leads to predictably negative behaviour.
  4. Deviant Behaviour
  5. Moral Disengagement
  6. Reduced Job Involvement
  7. Risk Taking Behaviour
  8. Reduction of Organizational Citizenship Behavior (positive workplace activity and involvement)
  9. All of this negative behavior leads to insecure software.
  10. The Plan: 1. Support dev and sec team with processes, training, and resources so they can confidently get the job done. 2. Initiate and then maintain culture change.
  16. Start Security Earlier! Requirements, Design, Code, Testing, Release. Push Left!
  17. Break security testing into smaller pieces
  20. Provide free training to developers
  22. (Off Colour) Job Shadowing
  26. Give Developers Security Tools! (They just might use them)
  27. OWASP: Your new BFF!!! The Open Web Application Security Project
  31. A message for conferences: No more “we’re screwed” keynotes.
  33. In Summary: 1. Support dev and sec team with processes, training, and resources so they can confidently get the job done. 2. Initiate and then maintain culture change.
  38. It has to start somewhere…. Why not with you?
  39. ANY QUESTIONS? Tanya Janca, TaJanca@Microsoft.com, Tanya.Janca@owasp.org. OWASP Ottawa Chapter Leader, OWASP DevSlop Project Leader. @SheHacksPurple
