About the event
Burns Sheehan brought together leaders in Engineering to discuss the latest opportunities and challenges within Security in Engineering.
Date & Time: Tuesday 25th June 9am
Location: Burns Sheehan's London city centre office
Refreshments: a breakfast spread with tea, coffee & juices
This was an intimate event, giving our attendees the opportunity to expand their networks and bounce ideas off of other seasoned engineering leaders in the tech community.
We dug into:
1. Enhancing Security in Cloud Services: Sharing responsibility, embedding secure coding practices, and avoiding vulnerabilities.
2. Effective strategies to foster better buy-in from senior leaders and wider teams.
3. Product Security: Evaluating and selecting the right tools to ensure user protection & overall company security.
Massive thank you to Gel Goldsby for moderating the session, and to Matt Bye, Jon Thomas, Rich Pearce and Ian Kershaw for contributing your expert insights.
Some of the key takeaways include:
💡 Prioritising Security in Engineering:
- Maintain transparency about security. When developers understand the broader security strategy and its importance, they are more likely to buy into the process and contribute effectively.
- Provide regular security training and awareness programs for developers. Ensure they understand common vulnerabilities, secure coding practices, and the latest security threats.
- Integrate security into the software development lifecycle (SDLC). Use practices such as code reviews, automated security testing, and continuous integration/continuous deployment (CI/CD) pipelines with built-in security checks.
- Foster a culture of collaboration between security teams and developers. Regularly communicate security policies, share insights from security audits, and encourage developers to ask questions and report potential issues.
💡 AI & Security:
- Challenges with tools like ChatGPT in spreadsheets; skeleton templates are helpful.
- Do you have security benchmarking? Are you the least secure organisation on the street?
- Third-party reliance: Managing risks associated with third-party services (e.g., Snowflake breach). Not always relevant to your business but still key to remain in the loop on your vulnerabilities & what’s happening in the market.
💡 Security in start-ups:
Start-ups face unique security challenges that can significantly impact their growth and sustainability. Ensuring robust security measures from the outset is crucial for mitigating risks and building a strong foundation as you scale and grow.
- Early security configurations, including dependency scanning and penetration testing, to identify and address vulnerabilities in third-party libraries and frameworks.
- Regular vulnerability scanning helps, in the long run, to understand, detect and fix security flaws before they can be exploited.
- Educated employees are more likely to recognise and mitigate potential security issues, contributing to a proactive security culture. Regular workshops, seminars, and updated training materials can keep the team informed and vigilant.
🔗 Check out the full summary sheet here.
If you'd like to hear more and are interested in attending further events, please reach out to Senior Director Simon Evans.