Secure-enough software is a must-have, but there are never enough experts to work with every team, and solve every problem.

A solution is centralised control and managed releases that push product engineers out of ownership of both their product's security and their software operation. Other orgs risk the land-of-do-as-you-please, hoping their engineers make good enough choices with what they know to keep the business safe. Trust, enablement, and partnerships are rarely on the menu.

In the early 2020s, I had the opportunity to solve this problem. Valuing autonomy and flow in software delivery as much as solid security, I took a different approach: treating security as a platform, to support and enable engineers and the company.
This talk will demonstrate how a small team of engineers had a big impact on security across a set of engineering teams. And how Product Squads can grow to co-own security with an organisation’s IT stakeholders, so that teams can keep shipping features, whilst becoming more secure.

This talk will present how you can build a developer enablement platform formed of security knowledge and tools. How providing Paved Paths can engage with your engineering teams to guide them to own product security, and empowering them to make timely, educated, and informed decisions. This talk provides a map of the journey we took, the values we lived and what we learnt on the way.

It will help you build places in your culture where security can blossom, and you can deliver more safety.