Sharing Security Secrets: How to Encourage Security Advocates - Cailyn Edwards, Shopify
Abstract
The cloud can be a big scary place, and with malicious actors around every corner it’s important that security teams have the power they need to keep data safe, and services available. Although it can feel like we are alone in our mission, and sometimes security practices are seen as burdensome - it doesn’t have to be that way! If we can take the time and make the effort to share our security secrets, introduce teams to Alice and Bob and encourage a healthy amount of suspicion; we can create a company-wide culture that cares about security. We can’t be everywhere at once - so having others looking out for security risks in their work is invaluable. In this talk Cailyn and Ann will talk about their successes in educating non-security teams, and enlisting security advocates across Shopify. They will dive into some of the methods that were well received and talk about efforts that were not as successful. Cailyn will also talk about the new security review strategy that her team launched this year. You will walk away from this session with information and ideas on how to start a security advocates program in your organization.