OWASP 2023 Global AppSec Washington, DC

In today’s technology and business landscape, security is a critical component of any successful organization. However, driving the goals of a security organization can be challenging, particularly when that organization resides in a separate line of business than the product engineering organization they wish to influence. The speakers will discuss how to leverage several key concepts of “influencing without authority” to successfully partner with non-security stakeholders and drive the strategic objectives of a security organization.

This talk will explore the telltale signs of the security “Department of No,” well-meaning obstructionists who too often impede the larger business through bureaucracy, and how to shift security practices to empowering the organization through measured, contextual security achievements and partnered collaboration with the rest of the business.

This is not a practice relegated to startups with limited concerns nor only achievable by large institutions with a commensurately large security staff. The security “Department of Yes” is tangible and achievable for organizations of all sizes, including heavily regulated programs.

The speakers will outline several key concepts of influencing without authority and provide practical examples of how these concepts can be applied to a security organization to increase their influence and drive the adoption of security best practices. The talk will also delve into common challenges that security organizations may face when trying to influence others, and provide strategies for overcoming these challenges. The audience will gain a deeper understanding of how to build effective relationships, establish credibility, and create coalitions with other stakeholders to amplify their influence and achieve their goals.

Attendees will leave this talk with a set of actionable strategies that they can use to increase their influence within their organizations, drive the adoption of security best practices, and improve the overall security posture of their business. They will gain an appreciation for the importance of influence and learn how to apply these concepts to drive positive change in their organizations.