Over the past decade, how software is written has changed drastically, with widespread adoption of Agile, DevOps, and cloud providers, among other shifts.

These changes have required security teams to adapt. I believe we’re in the middle of a significant shift in how security teams operate and prioritize their limited budget and person-time.

One key shift is that modern application security teams are deemphasizing trying to Find All The Bugs, and instead are focusing on providing developers with frameworks and services with secure defaults (“guard rails”) so that developers can build features quickly and securely. When done correctly, combining secure defaults and lightweight checks can enable organizations to solve *classes* of vulnerabilities by construction, preventing bug whack-a-mole.

This talk will explore the power of secure defaults and how to embrace them in your company. We’ll also discuss how this same approach and mindset can be used to raise code quality (e.g. performance, robustness, correctness) and code standards across your org, help onboard new developers more quickly, and more.

Lastly, as good working relationships are more important than ever, we’ll also cover how security teams can take a customer-centric approach to supporting their engineering colleagues, and how developers can effectively work with their colleagues in security.