This course aims to help small development teams understand and implement a unified security strategy. The learning outcomes include understanding the importance of technical work, managing security as a whole-systems outcome, assessing risk and cost effectively, and integrating security into the organization and business. The course covers topics such as security compliance, staffing, working with consultants, and planning for security. The teaching method involves a lecture format with practical insights and strategies. The intended audience includes engineering directors, security hires at startups, consultants, and anyone interested in enhancing their understanding of security within development teams.
Overview
Syllabus
Introduction
Who is this for
What is security
What is strategy
Risk
Security Outcomes
Incentive Alignment
Security is not about computers
Exposure tolerance
Maturity level
Tech debt
Brooks law
Compliance
Governance
Metrics
Blameless Engineering
Designing for Human Error
Teach Systems Literacy
Responsibility for Security
Do not be a gatekeeper
Engineering principles
Capability is a liability
Two different systems architectures
QA matters
Hiring vs consulting
Buying security
Threat intelligence
Platform choices
Separation of concerns
Segmentation
Redeploy
Autoscaling
Trust Chaining
Automation
Observability
Legal
Security Books
Questions
Taught by
Cooper
