The relationship between security and development has been evolving for a while now, but not fast enough. The urgent needs of some organisations, and the urgent wants of some development teams have created even higher pressure on the relationship to support earlier integration over end of delivery reporting and enablement over chastisement. Underpinning all of this is a fundamental need for security professionals to be ingrained in how teams today support lowering Mean Time To Recovery (MTTR) over increasing Mean Time Between Failures (MTBF). At the same time, development teams who are so used to the “move fast and break things” mentality need to learn how to identify areas of higher risk because security breaches can shutter the doors of a business. I plan to share my experiences working with a few different organisations in highly regulated and high visibility industries as they (mostly) successfully pulled security and development closer together to achieve a shared vision and a better overall outcome while moving infrastructure to the cloud.
Abby is currently working at ThoughtWorks where over the last 6 years she has had the opportunity to work in a variety of domains, countries, and team dynamics. Throughout these experience it has become clear to her that while the technical requirements of each domain and tech stack can be challenging, team practices and team ownership have a much deeper impact on the end deliverable.