Security teams become a bottleneck when accountability is misplaced and feedback is provided too late in the development cycle.
A center of excellence was established to make security planning scalable, measurable, and easier for teams to adopt.
A security champion program and mapping controls into project management tools like Trello helps embed security into daily work.
Each security control is framed with a 'why' to provide business context and a 'how' with actionable steps and tools.
Security tools for SAST, runtime security, and cloud misconfigurations are integrated into the CI/CD pipeline as acceptance criteria for controls.
Data from Trello boards is automatically collected via webhooks to create dashboards that track team progress on security controls.
Team-level data is aggregated into a high-level security maturity model to give leadership visibility and drive accountability.
Nominating champions through tech leads, rather than relying on volunteers, increases the program's impact and motivation.
Explaining the 'why' behind security empowers teams to take ownership, while relationship building and automation are key to cultural change.
The discussion covers the program's 1.5-year implementation timeline, managing high-impact risks, and doing threat modeling every iteration.
16:00Ali Yazdani
42:40Tanya Janca
32:55Natale Vinto
41:51Jemiah Sius
34:46Bruno Amaro Almeida
45:08Moataz Nabil
48:02Tanya Janca
23:34Stefania Chaplin
.gif?w=240&auto=compress,format)
Jobs that call for the skills explored in this talk.
Tamarind Intelligence
Barcelona, Spain
NTT DATA Österreich GmbH
Saransh Inc
Charlotte, United States of America
BlueWater Federal Solutions
Montgomery, United States of America
DevSecOps, Inc.
San Diego, United States of America
