Talk

Don't Panic! A Developer's Guide To Security

Language: English
Audience level: Intermediate
Elevator pitch

With the “shift left” movement in security, developers are being given even more responsibilities. In my talk, I will show you that you don’t have to be a security expert to implement a systematic approach to security that is up to industry standards without being overwhelmed.

Abstract

As a developer, you play a crucial role in the security of your projects. At the same time, security is but one of the many responsibilities a developer has to fulfill these days. It almost seems like you have to be an expert in just about anything!

Thankfully, you don’t have to be a security expert to contribute to the security of your projects. In this talk, I will show you how to approach security systematically without feeling overwhelmed.

First, I will discuss some background on security theory and my take on the role of developers in security. While many of us are familiar with individual security practices, such as scanners and secure coding patterns, the bigger picture you get from zooming out helps you determine which security practices you should prioritize in your project. This discussion will include the difficult topic of advocating for security with product owners and stakeholders.

Then, I will introduce you to open-source industry standards, such as the OWASP DevSecOps Maturity Model, that you can use to start implementing security in your projects. Rather than feeling the pressure of having to reinvent the wheel, we can rely on the materials and frameworks that security experts have developed. Luckily for us, we’ll see that many of the best practices involve automation, leaving us with the time to actually develop the applications we’re supposed to be developing.

By the end of my talk, you will not be a security expert, but you should have enough pointers to get started with security!

Tags: Security, Best Practice
Participant

Sebastiaan Zeeff

Sebastiaan is a Python enthusiast who likes to think about good software design and engineering. He is a fellow of the EuroPython Society and the Python Software Foundation, works as a Principal Expert for the Pythoneers at Sopra Steria Netherlands, and frequently speaks at conferences around the world.