Concrete Steps to Create a Security Culture

Presented at BSidesSF 2019, March 4, 2019, 2:50 p.m. (30 minutes).

Who's got time for any of this "culture" business? The security team has more trash fires than they can handle. No one is listening to their warnings! As it turns out, security culture plays a pivotal role in the health of your organization's security. In this talk I'll go over why I invest so heavily in creating a culture of security at my organization, 10–20 concrete examples of things I do that are easily replicable, my overarching strategy for changing culture, and what it means to measure success when talking about something as intangible as culture.

Presenters:

  • Arkadiy Tetelman - Lob
    Arkadiy is a security engineer, currently running the security program at Lob and previously working on application security at Airbnb, Twitter, and CardSpring. Arkadiy is passionate about all things appsec, including running bug bounty programs, static analysis, building secure-by-default frameworks, and vulnerability management and prevention at scale. He graduated from UC Berkeley with degrees in Computer Science and Applied Mathematics.

Links:

Similar Presentations: