S
S
Secure Delivery Playbook
Equal ExpertsPlaybooksContact us
Search…
Overview
Introduction
Principles
Practices
Organise
Scaling Security
Vulnerability Management
Incident Response
Training
Compliance & Policy
Intelligence
Build
Operate
Contribute
Powered By GitBook
Training

Provide role-specific training

Each individual on a delivery team has a part to play, and should understand how security applies in their context. Although it may appear that security training should be focused on software engineers, it's important to provide training for all roles in a team including developer / engineering, BAs, POs, DLs, etc. For example, a Product Owner should understand the risk that the product is exposed to without appropriate security controls, and should be empowered to challenge security requirements that are not well defined.
Examples:

Provide specialist consulting to teams

Delivery teams don't always have the experience or skills required to address more specialist areas of security. This leads to suboptimal solutions or increased risk or complexity. Security Engineering should provide specialists in order to assist delivery teams when the team lacks the skills to complete a particular feature (for example when implementing features that require cryptography).
Security Engineering should also be available to conduct or facilitate threat modelling sessions, and use this as an opportunity to teach this skill to others.
Previous
Incident Response
Next
Compliance & Policy
Last modified 2yr ago
Export as PDF
Copy link
Outline
Provide role-specific training
Provide specialist consulting to teams