Bridging the Gap or: How I Learned to Stop Worrying, and Love the Developers presented at BsidesCleveland 2016

by Eric Mikulas,

Summary : The relationship between security professional, and developers often seems adversarial. In this presentation I will be discussing the problems, work-flows and end-goals from the developer and security professional's viewpoint.
I will discuss in depth, the pressures and business needs that often drives development cycles. We'll also be talking about the mind-set of the successful developers you can easily win over, how to do it, and how to expand this to all development teams.
We Security Professionals are also not without fault. Our approach of tracking issues, and throwing tools at the problem just isn't working. I'll be talking about my experiences within different organizations, and how minor adjustments can gain wider acceptance and appreciation for security teams within the organization.
It is hoped by spreading understanding what drives a developer's mindset, as well as the development process, we as security professionals can help them, and ourselves. In outlining the problem, as well as filling in the gaps for those who lack development experience, we can bring security and development onto one team.