icon-carat-right menu search cmu-wordmark

Building a Culture of Security in a Developer's Company

Presentation
This presentation by Paul Molin of Theodo was given virtually at DevSecOps Days Washington D.C. 2021 on December 16, 2021.
Publisher

Software Engineering Institute

Topic or Tag

Watch

Abstract

In a world where developers are required to deploy more and more frequently in production, maintaining a sufficient level of security is essential. How do you train a hundred or so developers to take security into account at every stage of the development cycle?

For more than three years, I've been leading a team responsible for helping our developers build secure applications from the design stage based on the concept of "communities of practice". During these two years, I've been able to try several approaches and different formats that have allowed us to build a community of 10 people and lead to the creation of enablers such as XSS and access control flaws detection tools.

In this talk, I will present our successes and failures: the difficulties to make the community grow, the creation of exercises on OWASP standards, the writing of a newsletter, and our 3S quality framework... You will leave with a bunch of tips to create a DevSecOps culture among your developers with the help of your own community of practices!

Paul is Tech Lead and Web Application Security Evangelist at Theodo. After training in information systems security at Télécom ParisTech, he joined Theodo in 2013 where he became passionate about web development and security. Convinced that it is developers who will succeed in changing the world of security, he continues to develop and is fascinated by Serverless.

He is the leader of the security guild at Theodo and has trained about a hundred developers in security.

Watch the video on YouTube.