We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
SHIFT left, not S#!T left - How to launch your shift left security effort | Larry Maccherone
Launch your shift left security effort by transforming your organization's approach to security, from policing to coaching, and empower developers to take ownership of cybersecurity.
- Focus on building a culture of security by coaching, not policing
- Identify the bottleneck in the development process and address it
- Empower developers to take ownership of security by making it their responsibility
- Automate security testing and vulnerability management to reduce manual workload
- Use gamification and leaderboards to encourage teams to improve security practices
- Focus on improving the most valuable 1-3 practices first, rather than trying to implement all practices at once
- Measure the effectiveness of security efforts and adjust as needed
- Shift the focus from manual security audits to automated testing and continuous monitoring
- Use the concept of “coaching” rather than “cajoling” to encourage developers to adopt security practices
- Use the idea of “theory of constraints” to identify and address bottlenecks in the development process
- Measure the effectiveness of security efforts and adjust as needed
- Focus on building a culture of security by coaching, not policing
- Use the idea of “theory of constraints” to identify and address bottlenecks in the development process
- Empower developers to take ownership of security by making it their responsibility
- Automate security testing and vulnerability management to reduce manual workload
- Use gamification and leaderboards to encourage teams to improve security practices
- Focus on improving the most valuable 1-3 practices first, rather than trying to implement all practices at once
- Measure the effectiveness of security efforts and adjust as needed