Sign up to save your podcasts
Or
Share Building your security team & tool stack w/ Laura Bell Main #146
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Building your security team & tool stack w/ Laura Bell Main #146
This episode features all things security with our guest, Laura Bell Main, CEO & Founder @ SafeStack. She shares valuable strategies for building your security team & tool stack. We cover why security is a human problem based on human motivations, prioritization conversations for assessing risks, considerations for early-stage security teams, how behavior change & decision making impact security, and considerations for companies in the “messy middle” phase. Laura also addresses communicating about security in terms of tech debt, recommendations for incorporating security monitoring tools, how to measure those tools’ ROI, and more.
ABOUT LAURA BELL MAINWith over twenty years of experience in software development and information security, Laura Bell Main (@lady_nerd) specialises in bringing security into organisations of every shape and size.
She is the co-founder and CEO of SafeStack, an online education platform offering flexible, high-quality, and people-focused secure development training for fast-moving companies, with a focus on building security skills, practices, and culture across the entire engineering team.
Laura is an experienced conference speaker, trainer, and regular panel member, and has spoken at a range of events such as BlackHat USA, Velocity, and OSCON on the subjects of privacy, covert communications, agile security, and security mindset.
She is also the co-author of Agile Application Security and Security for Everyone.
"The most important thing that we forget to tell folks when they're starting out in security is most of our tooling is about being more effective and efficient. It's not about doing something you can't do yourself. Security isn't about a magic box. I wish it was, it would be a lot easier if we could just buy a magic box. Done! Off we go to the beach, but what we have is a really human problem.”
- Laura Bell Main
Join us at ELC Annual 2023!ELC Annual is our flagship conference for engineering leaders. You’ll learn from experts in engineering and leadership, gain mentorship and support from like-minded professionals, expand your perspectives, build relationships across the tech industry, and leave with practical proven strategies.
Join us this August 30-31 at the Fort Mason Center in San Francisco
For tickets, head to https://sfelc.com/annual2023SHOW NOTES:- What to do about security if you don’t already have a security team (2:28)
- Security as a “human problem” in the scope of eng orgs (4:58)
- Why you need to understand human motivations (7:21)
- Prioritization frameworks & chaos engineering for assessing threats (9:14)
- Considerations for the early stages of forming a security org (11:47)
- Understanding security through a behavior change model (14:57)
- How to operationalize a security mindset within a software team (18:00)
- Examples of how decisions can flag security risks (20:50)
- Approaches for tracking & managing security as tech debt (23:20)
- Addressing security considerations as a “messy” middle-stage company (27:17)
- High friction aspects of security behavior change for eng orgs (30:51)
- Tips for knowing if you have the right security tool (34:41)
- How to evaluate the ROI of tools you’re considering (38:06)
- Methods for incorporating security monitoring into your current tool stack (39:32)
- Rapid fire questions (42:45)
- The Body Keeps The Score - The inspiring story of how a group of therapists and scientists— together with their courageous and memorable patients—has struggled to integrate recent advances in brain science, attachment research, and body awareness into treatments that can free trauma survivors from the tyranny of the past.
- Open source checklist for high-growth CTOs
Patrick Gallagher - Producer & Co-Host
Jerry Li - Co-Host
Noah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/
Dan Overheim - Audio Engineer, Dan’s also an avid 3D printer - https://www.bnd3d.com/
Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
View all episodes
By The Engineering Leadership Community (ELC)
4.9
3434 ratings
This episode features all things security with our guest, Laura Bell Main, CEO & Founder @ SafeStack. She shares valuable strategies for building your security team & tool stack. We cover why security is a human problem based on human motivations, prioritization conversations for assessing risks, considerations for early-stage security teams, how behavior change & decision making impact security, and considerations for companies in the “messy middle” phase. Laura also addresses communicating about security in terms of tech debt, recommendations for incorporating security monitoring tools, how to measure those tools’ ROI, and more.
ABOUT LAURA BELL MAINWith over twenty years of experience in software development and information security, Laura Bell Main (@lady_nerd) specialises in bringing security into organisations of every shape and size.
She is the co-founder and CEO of SafeStack, an online education platform offering flexible, high-quality, and people-focused secure development training for fast-moving companies, with a focus on building security skills, practices, and culture across the entire engineering team.
Laura is an experienced conference speaker, trainer, and regular panel member, and has spoken at a range of events such as BlackHat USA, Velocity, and OSCON on the subjects of privacy, covert communications, agile security, and security mindset.
She is also the co-author of Agile Application Security and Security for Everyone.
"The most important thing that we forget to tell folks when they're starting out in security is most of our tooling is about being more effective and efficient. It's not about doing something you can't do yourself. Security isn't about a magic box. I wish it was, it would be a lot easier if we could just buy a magic box. Done! Off we go to the beach, but what we have is a really human problem.”
- Laura Bell Main
Join us at ELC Annual 2023!ELC Annual is our flagship conference for engineering leaders. You’ll learn from experts in engineering and leadership, gain mentorship and support from like-minded professionals, expand your perspectives, build relationships across the tech industry, and leave with practical proven strategies.
Join us this August 30-31 at the Fort Mason Center in San Francisco
For tickets, head to https://sfelc.com/annual2023SHOW NOTES:- What to do about security if you don’t already have a security team (2:28)
- Security as a “human problem” in the scope of eng orgs (4:58)
- Why you need to understand human motivations (7:21)
- Prioritization frameworks & chaos engineering for assessing threats (9:14)
- Considerations for the early stages of forming a security org (11:47)
- Understanding security through a behavior change model (14:57)
- How to operationalize a security mindset within a software team (18:00)
- Examples of how decisions can flag security risks (20:50)
- Approaches for tracking & managing security as tech debt (23:20)
- Addressing security considerations as a “messy” middle-stage company (27:17)
- High friction aspects of security behavior change for eng orgs (30:51)
- Tips for knowing if you have the right security tool (34:41)
- How to evaluate the ROI of tools you’re considering (38:06)
- Methods for incorporating security monitoring into your current tool stack (39:32)
- Rapid fire questions (42:45)
- The Body Keeps The Score - The inspiring story of how a group of therapists and scientists— together with their courageous and memorable patients—has struggled to integrate recent advances in brain science, attachment research, and body awareness into treatments that can free trauma survivors from the tyranny of the past.
- Open source checklist for high-growth CTOs
Patrick Gallagher - Producer & Co-Host
Jerry Li - Co-Host
Noah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/
Dan Overheim - Audio Engineer, Dan’s also an avid 3D printer - https://www.bnd3d.com/
Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
More shows like The Engineering Leadership Podcast
View all
The Twenty Minute VC (20VC): Venture Capital | Startup Funding | The Pitch
532 Listeners
Software Engineering Radio
272 Listeners
The Changelog: Software Development, Open Source
291 Listeners
a16z Podcast
1,084 Listeners
Software Engineering Daily
625 Listeners
HBR IdeaCast
1,833 Listeners
Soft Skills Engineering
284 Listeners
Thoughtworks Technology Podcast
42 Listeners
Masters of Scale
3,987 Listeners
Y Combinator Startup Podcast
233 Listeners
Practical AI
209 Listeners
The Stack Overflow Podcast
62 Listeners
No Priors: Artificial Intelligence | Technology | Startups
132 Listeners
HBR On Leadership
157 Listeners
AI + a16z
33 Listeners