I work a lot with my company's infrastructure team and would like to help develop a hacker's mindset within that team. In essence, I'm trying to create a better understanding within that team of the impact their day-to-day work could have on the company's security posture. What are some good ways to create an infosec-centered culture, where people are much more aware that they need to consider infosec on a daily basis?

2 comments

Pulse User

Set up some hackathons where you have a few options: 1) have them run an exercise where they sit in the shoes of your Security team, 2) have them try a precanned exercise like OWASP WebGoat or something similar, 3) set up a custom exercise to show them the impact of poor design decisions that cause things like XSS or SQL injection. Have your security team there to answer questions, encourage folks and build relationships!

Pulse User

I wrote this blog post a few years ago as part of my role at Cybric and it gives some ideas on how to shift security thinking into the DevOps culture and dev/infrastructure teams: https://medium.com/@mdkail/injecting-the-sec-into-devsecops-1d752788a24