Come Together: A framework for a shared security language

Presented at Diana Initiative 2023, Aug. 7, 2023, 3 p.m. (60 minutes).

Have you ever tried to do data analysis on all your security issues – results from threat models, pen tests, risk assessments, security incidents, detections, etc. – only to find that no one is using consistent language? Does this impede conversations with product teams on issues, both slowing down development and resolution of issues? How do you bring everyone together? We’ll talk about how we approached this problem while staying focused on our objective to enable everyone to speak a common language to inform product decisions and solve security problems at scale. This talk will walk through the problem statement while engaging the audience through a simple exercise, walk through our approach and outcomes, cover where we are going next, and provide actionable steps for other security teams looking to replicate this approach.


Presenters:

  • Lea Snyder - Microsoft
    Lea is a Principal Security Engineer at Microsoft. She’s worn a lot of hats over her career and mostly worked for companies that begin with the letter ‘A.’ You can read more at: <https://tldrsec.com/guides/staffeng-security/stories/lea-snyder>. Outside of work she can be found organizing security conferences or enjoying all the PNW has to offer.
