Videos and online presentations are good, but nothing can really replace quality in-person meetups. Show as many demos as possible and don’t stick to overloaded PowerPoint presentations which put people to sleep.
It’s fine to share raw technical details as recap material, but when starting out you must make people excited about the subject, otherwise it’ll be just another corporate training which they’ve attended only because it’s obligatory.
The concept of purple teaming is something I fell in love with many years ago when I was experimenting with various ways to make myself more effective. Everything changed — in a good way — when I started embracing a culture of collaboration where attackers and defenders work together to create the best possible way of securing the products.
We’re out there to help secure the business by working with all stakeholders, not to just pwn stuff and laugh at people who made a mistake. Being a pwn-all-the-things rockstar asshole is overrated and, while fun in the short term, gives terrible results long-term.
Purple teaming for the win, and let’s see how this great concept can be applied to day-to-day business operations that go beyond security red and blue teaming.
Take baby steps to show everyone in your company that security doesn’t need to be tangled and complex. If you show people that it takes 3 clicks to make their computer more secure, their mindset will change and they’ll be eager to implement more of such hassle-free solutions. Do the things that have the biggest ROI and lowest cost of implementation and then steadily increase the complexity of security requirements.