Slides are online from my talk at RSA this year titled “Building an Application Security Program with Sun Tzu, The Dalai Lama and Honey Badger.” This was based on a joke I made a while back with some folks that security professionals seemed to really enjoy the tough-guy war metaphors of Sun Tzu, but they’d probably make more progress in their organizations if they spent a little more time emulating the Dalai Lama. So I sent in an abstract and the RSA Crowdsourced Talks folks picked it up. I would argue that this applies to all of information security, but especially to folks trying to roll out application security programs because of the need to get development teams on your side. Kind of a flies with honey/flies with vinegar decision. In any case, slides are online here:
Abstract: Security pros love quoting Sun Tzu, but war-based metaphors fail with development teams because, HONEY BADGER. Instead, security teams must understand how development teams work. Accordingly, security managers should immerse themselves in the Dalai Lama’s lessons. Understanding how developers manage themselves, tools they use and their rewards is crucial to building an effective application security program.
Contact us if you’d like some support helping your development teams reach enlightenment.