Security by Stealth
Gwen Diagram at Agile on the Beach 2019
Security isn’t very fun for development teams to think about. In her talk from AOTB 2019 Gwen Diagram looks at how to change the perception and approach to security. It’s complex and something that isn’t brought to mind when considering requirements and too often, it is neglected by teams and left to the end for penetration testers to consider. But, it doesn’t have to be. Security can be considered early in the development cycle. How can we encourage this behaviour? How can you get development teams interested?
Security is an important skill to possess while delivering quality software. The cost of not having security skills within teams is now more obvious than ever. Security should be in the forefront of development teams minds. Even with these risks, data leaks and denial of service attacks are in the headlines often. How do we stop our companies being another statistic?
Learning should not be compulsory. Especially if you want something to become part of the culture. Beginning with a simple workshop to expanding to a security guild, people were eager to be involved. This lead to further workshops which included the basics of threat modelling using STRIDE to the complexity of automated checks. Security at Sky became not only fun but cool. Security was no longer a rarely thought about requirement but a fun, oft thought about need.
BIOGRAPHY
Gwen Diagram is a technology professional from Leeds who specializes in testing. She is an avid automation evangelist with a focus on testing complemented by repeatable build processes with monitoring. She has had varied roles throughout her career including Scrum Master at a Start Up and DevOps kid at a large Financial Services organisation. She is currently Principal Test Engineer at Sky in Leeds focusing on automation throughout the product and helping to make teams within Sky awesome places to work.
As a strong believer in making the tech industry as open and punk as possible, she co-organises a twice yearly free day long testing conference called the Leeds Testing Atelier. She speaks regularly at local meet-up groups, Agile Yorkshire and Leeds DevOps, duels with creative types at events like the Tech Off, speaks internationally at conferences such as Nordic Testing Days in Tallinn and was the closing keynote at Agile on the Beach in Falmouth, UK in 2018.
Outside of work, you will usually find her hanging around a Natural History Museum somewhere in the world marvelling at how incredibly excellent dinosaurs are, feeding pigeons or ducks or shouting as the singer in a band.
Security is an important skill to possess while delivering quality software. The cost of not having security skills within teams is now more obvious than ever. Security should be in the forefront of development teams minds. Even with these risks, data leaks and denial of service attacks are in the headlines often. How do we stop our companies being another statistic?
Learning should not be compulsory. Especially if you want something to become part of the culture. Beginning with a simple workshop to expanding to a security guild, people were eager to be involved. This lead to further workshops which included the basics of threat modelling using STRIDE to the complexity of automated checks. Security at Sky became not only fun but cool. Security was no longer a rarely thought about requirement but a fun, oft thought about need.
BIOGRAPHY
Gwen Diagram is a technology professional from Leeds who specializes in testing. She is an avid automation evangelist with a focus on testing complemented by repeatable build processes with monitoring. She has had varied roles throughout her career including Scrum Master at a Start Up and DevOps kid at a large Financial Services organisation. She is currently Principal Test Engineer at Sky in Leeds focusing on automation throughout the product and helping to make teams within Sky awesome places to work.
As a strong believer in making the tech industry as open and punk as possible, she co-organises a twice yearly free day long testing conference called the Leeds Testing Atelier. She speaks regularly at local meet-up groups, Agile Yorkshire and Leeds DevOps, duels with creative types at events like the Tech Off, speaks internationally at conferences such as Nordic Testing Days in Tallinn and was the closing keynote at Agile on the Beach in Falmouth, UK in 2018.
Outside of work, you will usually find her hanging around a Natural History Museum somewhere in the world marvelling at how incredibly excellent dinosaurs are, feeding pigeons or ducks or shouting as the singer in a band.