Gwen Diagram - Security by Stealth
Security isn't very fun for development teams to think about. It's complex and something that isn't brought to mind when considering requirements. Too often, it is neglected by teams and left to the end for penetration testers to consider. But it doesn't have to be. Security can be considered early in the development cycle. How can we encourage this behaviour? How can you get development teams interested?
Security is an important skill to possess while delivering quality software. The cost of not having security skills within teams is now more obvious than ever. Security should be at the forefront of development teams' minds. Even with these risks, data leaks and denial of service attacks are in the headlines often. How do we stop our companies being another statistic?
Learning should not be compulsory, especially if you want something to become part of the culture. Beginning with a simple workshop and expanding to a security guild, people were eager to be involved. This led to further workshops, which ranged from the basics of threat modelling using STRIDE to the complexity of automated checks. Security at Sky became not only fun but cool. Security was no longer a rarely thought about requirement but a fun, oft thought about need.