Cailyn Edwards
Shopify

Sharing Security Secrets: How to Encourage Security Advocates

1. The Basics
   a. What
   b. Who
   c. Why
2. How
   a. Managers
   b. Individual Contributors
3. Examples
   a. Security Reviews
   b. Security Self Assessments

Cailyn Edwards
Senior Infrastructure Security Engineer

What are security advocates?

“Cybersecurity advocates attempt to reduce exposure to cyber attacks by promoting security best practices and encouraging security adoption.”
Cybersecurity Advocates: Discovering the Characteristics and Skills for an Emergent Role

Who are (should be) security advocates?

ok. wait

They don't have to be cybersecurity experts - or even work in a security org

We can't do it all

Why do we need security advocates?

We are small fish in a big pond.
Photo by zhengtao tang on Unsplash

integrating security as early as possible throughout the development lifecycle, or even earlier with interactive developer training, security organizations can enable preventative security rather than reactive security
- Cloud Native Security Whitepaper v2

What can managers do?

Photo by Ameer Basheer on Unsplash

What can ICs do?

Be security advocates themselves.
Consult - don't dictate.
Educate

Focus points when planning a security education talk at your company

Explain the security org: How does security work in your company? What's the size? Are there multiple teams with varied responsibility?

Go over security tools: What tools do you use internally for security? How can attendees use them more effectively?

Cover the basics: Don't assume any prior knowledge. Go over the basics, limit acronyms and make sure everyone leaves knowing what cyber security is.

How to threat model: This is a great way to teach non-security folks to look at their services through a security mindset! It can also lead to actionable solutions.

What security incidents has y