SHIFT left, not S#!T left - How to launch your shift left security effort | Larry Maccherone

Launch your shift left security effort by transforming your organization's approach to security, from policing to coaching, and empower developers to take ownership of cybersecurity.

Key takeaways
  • Focus on building a culture of security by coaching, not policing
  • Identify the bottleneck in the development process and address it
  • Empower developers to take ownership of security by making it their responsibility
  • Automate security testing and vulnerability management to reduce manual workload
  • Use gamification and leaderboards to encourage teams to improve security practices
  • Focus on improving the most valuable 1-3 practices first, rather than trying to implement all practices at once
  • Measure the effectiveness of security efforts and adjust as needed
  • Shift the focus from manual security audits to automated testing and continuous monitoring
  • Use the concept of “coaching” rather than “cajoling” to encourage developers to adopt security practices
  • Use the idea of “theory of constraints” to identify and address bottlenecks in the development process