Modern technology organizations move quickly, but speed often exposes friction between engineering teams and security and governance functions. Developers are focused on building reliable systems and shipping features, while security and risk leaders are responsible for identifying vulnerabilities, enforcing controls, and protecting the organization.

This session explores the real-world tension that occurs when security flags something as high risk and engineering teams respond with, “It’s working as designed.” Rather than framing this as a conflict, the discussion focuses on why these misunderstandings happen and how organizations can translate risk into operational context that engineers understand.

Drawing from practical governance and cyber risk experience, the session examines common scenarios where engineering priorities and security concerns collide. It will highlight how governance leaders can design frameworks that align with modern development practices, improve collaboration between security and engineering teams, and create shared accountability for risk.

Attendees will leave with practical strategies for bridging the gap between developers, security teams, and governance leaders while maintaining both innovation and security within modern technology environments.

Target Audience:
Developers, DevOps engineers, security professionals, GRC practitioners, and technology leaders responsible for balancing engineering velocity with security and risk management.

Session Level:
Intermediate. The session is designed to be accessible to technical and non-technical audiences working in engineering, security, or governance roles.

Preferred Session Duration:
30–45 minutes with optional Q&A.

Session Format:
Conference presentation with real-world governance and cyber risk scenarios. The talk focuses on practical strategies for improving collaboration between engineering teams, security functions, and governance leaders.

Technical Requirements:
Standard presentation setup with projector and microphone.

Prior Delivery:
This session is a new talk developed for upcoming conference submissions and has not yet been delivered publicly.