Software as a service companies move so fast that they sometimes forget about the security basics. There is a common trend of ditching traditional corporate IT environments for unmanaged endpoints and a pile of SaaS services.
In order to continue to innovate you must adopt new technologies, languages, tools, ideas at some point. But security controls are often tightly coupled to the existing stack, and left behind with new development. How do we encourage continuous improvement while staying on top of security?
This talk presents an open source tool to help define your collective minimum security goals. Empower teams to design on their own with security in mind. Resulting in a pragmatic security approach for modern fast moving companies.