A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Bridging the Gap or: How I Learned to Stop Worrying, and Love the Developers - Eric Mikulas Bsides Cleveland 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Bridging the Gap or: How I Learned to Stop Worrying, and Love the Developers
Eric Mikulas

The relationship between security professional, and developers often seems adversarial. In this presentation I will be discussing the problems, work-flows and end-goals from the developer and security professional's viewpoint. I will discuss in depth, the pressures and business needs that often drives development cycles. We'll also be talking about the mind-set of the successful developers you can easily win over, how to do it, and how to expand this to all development teams. We Security Professionals are also not without fault. Our approach of tracking issues, and throwing tools at the problem just isn't working. I'll be talking about my experiences within different organizations, and how minor adjustments can gain wider acceptance and appreciation for security teams within the organization. It is hoped by spreading understanding what drives a developer's mindset, as well as the development process, we as security professionals can help them, and ourselves. In outlining the problem, as well as filling in the gaps for those who lack development experience, we can bring security and development onto one team.

Eric Mikulas is a reformed developer with over 15 years of professional software development experience crossing various industries. Being raised by an Electrical Engineer, and learning to solder, and read schematics before being able to cursive write, he was raised by technology and never though twice about seeing what was behind the curtain. After being promised cookies, He made the jump onto the dark side, that is security by being becoming a Subject Matter Expert for development teams who lacked the understanding to address security concerns. He is presently a Penetration Tester. Eric is still waiting for the cookies.

Back to Bsides Cleveland 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast