5 mins
You have 0 further articles remaining this month. Join LeadDev.com for free to read unlimited articles.

In partnership with

To create, protect, and maintain effective systems, engineering and security must work together.

New courses for 2023 Leadership course
graphic element

Engineering management and leadership group learning courses

Our courses provide you with the tools you need to solve real problems, implement and increase the impact of what you learn, and align your whole team.

Delivering secure, quality products at pace is the goal for any engineering team. But developers often feel like traditional security approaches are slowing them down, while security folks feel their work is being pushed to the bottom of the list.

Stackhawk

In this series, we explore how the two teams can build better relationships, support and influence each other from the sidelines, and create a modern, healthy security culture that benefits the software and everyone involved.

Episode 01: Overcoming security hurdles to push engineering velocity

How are engineering leaders in other organizations working effectively with security to deliver quality code, faster? In this panel discussion, a group of tech leaders came together to discuss how they navigate this tricky but critical relationship and find creative ways to reach their shared goals.

Featuring Nimisha Asthagiri (Principal Platform Strategist at Thoughtworks), Stevi Deter (Principal Software Engineer at DexCare), Jeremy Goldsmith (Head of Engineering at StackHawk), and Micheal Stahnke (VP of Platform at CircleCI), the panel explored:

  • How security processes can drive engineering velocity
  • Practical steps for collaboration between developers and security teams
  • How to empower your engineers to find and fix vulnerabilities in their own code
  • How to develop a culture of shared responsibility around your org’s security principles

Episode 02: Shifting left on security: Five steps to transformation

It’s time for a different approach to security, one that’s better aligned with the pace of modern engineering teams. In this article, Jeremy Goldsmith shares why we need to shift security out of the slow lane and into the fast lane (in other words, shifting left), with practical solutions for getting there.

From rethinking the role of security and embracing new tools to training and trusting developers and aligning security and engineering leaders around shared goals, Jeremy walks us through his five steps for building the security culture we need.

Episode 03: Supporting, influencing, and leading as a security practitioner

Advocating for security plans can feel like selling insurance; incidents happen all the time that prove the need for it but persuading people to invest can be a challenge. How can security folks demonstrate the value to developers and product teams focused on quick delivery and low costs?

In this article, Izar Tarandach shares how he successfully advocated for security by supporting, influencing, and leading engineering teams from the sidelines. The secret? Understanding and practicing the right kind of empathy.

Episode 04: Six ways security teams can build better relationships with engineering

Did you know that 52% of developers view security policies as a barrier to innovation? In this article, Shirish Padalkar argues that the best way to bridge this gap is by building better relationships between the two teams. And there are six things security folks can do to get started.

From empathizing with engineers and making realistic trade-offs to establishing their credibility and rewarding good security practices, Shirish shares everything security teams need to know to start building productive and positive relationships with engineers.

A final takeaway

Throughout the series, our authors and panelists agreed that at the heart of the security problem, there’s a people problem. Both engineering and security teams need to practice empathy, build trust, and learn to communicate. Building a collaborative security culture doesn’t happen overnight, but there are several things leaders can do to kickstart the process, starting with a change of attitude.

In the words of Jeremy Goldsmith, ‘Bringing security into the modern age of software engineering is not only possible, it is a reality, and more and more organizations are doing it. Whether your organization is primed for this type of transformation or has a lot of work to do, the best way to get started is to start.’

Stackhawk

Six ways security teams can build better relationships with engineering
Episode 04 Six ways security teams can build better relationships with engineering
The link is empty or disabled.