This episode features all things security with our guest, Laura Bell Main, CEO & Founder @ SafeStack. She shares valuable strategies for building your security team & tool stack. We cover why security is a human problem based on human motivations, prioritization conversations for assessing risks, considerations for early-stage security teams, how behavior change & decision making impact security, and considerations for companies in the “messy middle” phase. Laura also addresses communicating about security in terms of tech debt, recommendations for incorporating security monitoring tools, how to measure those tools’ ROI, and more.
With over twenty years of experience in software development and information security, Laura Bell Main (@lady_nerd) specialises in bringing security into organisations of every shape and size.
She is the co-founder and CEO of SafeStack, an online education platform offering flexible, high-quality, and people-focused secure development training for fast-moving companies, with a focus on building security skills, practices, and culture across the entire engineering team.
Laura is an experienced conference speaker, trainer, and regular panel member, and has spoken at a range of events such as BlackHat USA, Velocity, and OSCON on the subjects of privacy, covert communications, agile security, and security mindset.
She is also the co-author of Agile Application Security and Security for Everyone.
“The most important thing that we forget to tell folks when they're starting out in security is most of our tooling is about being more effective and efficient. It's not about doing something you can't do yourself. Security isn't about a magic box. I wish it was, it would be a lot easier if we could just buy a magic box. Done! Off we go to the beach, but what we have is a really human problem.”
- Laura Bell Main
SHOW NOTES:
- What to do about security if you don’t already have a security team (2:28)
- Security as a “human problem” in the scope of eng orgs (4:58)
- Why you need to understand human motivations (7:21)
- Prioritization frameworks & chaos engineering for assessing threats (9:14)
- Considerations for the early stages of forming a security org (11:47)
- Understanding security through a behavior change model (14:57)
- How to operationalize a security mindset within a software team (18:00)
- Examples of how decisions can flag security risks (20:50)
- Approaches for tracking & managing security as tech debt (23:20)
- Addressing security considerations as a “messy” middle-stage company (27:17)
- High friction aspects of security behavior change for eng orgs (30:51)
- Tips for knowing if you have the right security tool (34:41)
- How to evaluate the ROI of tools you’re considering (38:06)
- Methods for incorporating security monitoring into your current tool stack (39:32)
- Rapid fire questions (42:45)
LINKS AND RESOURCES
- The Body Keeps The Score - The inspiring story of how a group of therapists and scientists—together with their courageous and memorable patients—has struggled to integrate recent advances in brain science, attachment research, and body awareness into treatments that can free trauma survivors from the tyranny of the past.
- Open source checklist for high-growth CTOs
This episode wouldn’t have been possible without the help of our incredible production team:
Patrick Gallagher - Producer & Co-Host
Jerry Li - Co-Host
Noah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/
Dan Overheim - Audio Engineer, Dan’s also an avid 3D printer - https://www.bnd3d.com/
Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/