Make Humans the Strongest Link in Security
“How can anyone be so clueless and leave those obvious security holes open?”
“They knew, we told the developers not to do this and they did it anyway.”
“The release was blocked by security.”
A short story that we witnessed all too often, in one variation or another. It’s sad, it’s frustrating, and it’s anything but helpful for anyone involved. But one thing is for sure: if trust had ever been there, it’s now lost for good.
Let’s turn this ship around. In this talk, we’ll draw a different narrative - one of well-founded trust. A culture where people have safe guardrails and paved paths, where doing the secure thing is the easy thing. Where everyone knows what makes certain choices the better options and where they make informed decisions together, across roles. Where people are supported by good systems, and at the same time present the decisive factor between a successful attack and a failing attempt. We’ll also show concrete techniques and approaches to get closer to this vision, step by step - and we’ll start by putting people first. Security impacts everyone, so let’s make it a positive one.
In today’s world, people and technology are interrelated and intertwined in complex ways. We’re living in socio-technical systems, we’re building socio-technical systems together, and we need to keep socio-technical structures in mind to secure these systems well enough. Humans can be the strongest link in this if we empower and enable them to do so. For security and quality alike.