Developers should be the first line of security defense. Security teams purchase secure coding classes and claim success. Hours of training does not change the developer mindset. When developers hear security, they respond as either unlearned, overworked, apathetic, or gung-ho. This session explores why developers reject security and provide a programmatic approach to answer the challenges.
The session begins with the problem space at a high level, answering why security is a stretch for developers, with four developer responses to security. Fictional backstories are created to connect with the audience and allow them to understand the stories in more depth. Then the foundation of the programmatic platform for change is explained, followed by specific guidance on how to reach and position security as relevant to each of the four responses. Next, a short discussion about measuring transformation, and the conclusion is a set of secrets to reaching developers.