Security Omnipresence: Infiltrating Every Level of a Mature Development Lifecycle presented at Converge 2014

by Marion Nepomuceno,

Summary : It’s easy for a security professional to feel like he’s alone, especially when there are already mature processes in place designed to function without him. And if he does finally break into the development lifecycle, he certainly can’t be everywhere at once. Or can he? We’ll show you how we infiltrated the development lifecycle, spread the message of security, and recruited shadowy agents of change to achieve security omnipresence. This presentation tells the story of how we were able to integrate concepts from the MS security development lifecycle into the long-established processes in our company. We’ll talk about how the initiative started independently in 2 departments for different reasons, yet we combined all our efforts to create a very effective and customized security program.