Engineering Empathy: Adapting Software Engineering Principles and Process to Security

Channel:
United States All Hacking Cons
Subscribers:
6,410
Published on ● Video Link: https://www.youtube.com/watch?v=OpCKUiM-LXk


Duration: 40:06
2 views
0

Craig Ingram | Principal Security Engineer, Salesforce
Camille Mackinnon | Principal Infrastructure Engineer, Salesforce
Date: Wednesday, August 5 | 11:00am-11:40am
Format: 40-Minute Briefings
Tracks: Defense, Community

Software engineering has a lot to teach our 'security engineering' teams - this session will be a live retrospective of a professional role reversal - dropping a principal security engineer into a runtime team, and placing a principal software engineer into the platform security assessment team.

We've got stories and live object lessons.

Attendees will return to work knowing exactly how we have implemented these ideas to partner with engineering to protect a world-class platform as a service running millions of customer containers and data services. This session is aimed at both IC's and management.

Shifting left is a great marketing tagline.

The valuable work is changing your security team's principles, processes, and culture to align with the principles, processes, and culture of your organization's software engineering teams allows you to develop empathy for their constraints, tools, and processes. It also allows you to build your own tools, processes, and requirements in ways that are more actionable, realistic, and easier to understand and implement.

Black Hat - USA - 2020 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-09EdTech- The Ultimate APT
2022-01-09HTTP Request Smuggling in 2020 – New Variants, New Defenses and New Challenges
2022-01-09Making an Impact from India to the Rest of the World by Building & Nurturing Women Infosec Community
2022-01-09Election Security: Securing America's Future
2022-01-09Breaking Brains, Solving Problems: Lessons Learned from Two Years for InfoSec Professionals
2022-01-09Emulating Samsung's Baseband for Security Testing
2022-01-09Hunting Invisible Salamanders: Cryptographic (in)Security with Attacker-Controlled Keys
2022-01-09Mind Games Using Data to Solve for the Human Element
2022-01-09Breaking Samsung's Root of Trust: Exploiting Samsung S10 Secure Boot
2022-01-09I calc'd Calc - Exploiting Excel Online
2022-01-09Engineering Empathy: Adapting Software Engineering Principles and Process to Security
2022-01-09Multiple Bugs in Multi-Party Computation: Breaking Cryptocurrency's Strongest Wallets
2022-01-09Breaking VSM by Attacking SecureKernel
2022-01-09Escaping Virtualized Containers
2022-01-09Experimenting with Real Time Event Feeds
2022-01-09My Cloud is APT's Cloud Investigating and Defending Office 365
2022-01-09Building a Vulnerability Disclosure Program that Works for Election Vendors and Hackers
2022-01-09EtherOops: Exploring Practical Methods to Exploit Ethernet Packet-in-Packet Attacks
2022-01-09Exploiting Kernel Races through Taming Thread Interleaving
2022-01-09Needing the DoH: The Ongoing Encryption and Centralization of DNS
2022-01-09Building Cyber Security Strategies for Emerging Industries in Sub Saharan Africa


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
password
code
web
concept
protection
network
fraud
malware
secure
software
access
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Craig Ingram
Camille Mackinnon
defense
community
IC