A client recently asked how they could improve their security culture. It's not an easy (or even always achievable) task to build the kind of security culture you might want. This post introduces a content series that is intended to help bring security to developer teams.
The Series
The Jemurai Security Culture Campaign Series will be a stream of topical content intended to help developers think about security in a particular area. The content will be available in associated videos, podcasts and blog posts.
- Short (1 min) YouTube videos
- Podcast audio on:
- [Apple Podcasts]()
- [Spotify]()
- Tune In
- Google Play
- Stitcher
It will also be integrated into our securityprogram.io platform.
Click here for the first video, an introduction to the series.
campaigning
Of course, really making security part of an organizational culture means a lot more than just having content and giving some cycles to security.
It also means that:
- When developers say they need time to work on security, they get it
- There is broad tool support
- Questions and issues are treated as opportunities for improvement
- Testing is automated and encouraged
- Stakeholders understand how the systems might be misused
- People are continually learning
It typically takes ongoing effort over a period of time and relationship building as well.
We hope that the content here will be a part of helping dev teams to build a security positive culture.
References