I work a lot with my company's infrastructure team and would like to help develop a hacker's mindset within that team. In essence, I'm trying to create a better understanding within that team of the impact their day-to-day work could have on the company's security posture. What are some good ways to create an infosec-centered culture, where people are much more aware that they need to consider infosec on a daily basis?

6492 views
2 comments
1 upvotes
Blue Monitor
Engineering, Software
Set up some hackathons where you have a few options: 1) have them run an exercise where they sit in the shoes of your Security team, 2) have them try a precanned exercise like OWASP WebGoat or something similar, 3) set up a custom exercise to show them the impact of poor design decisions that cause things like XSS or SQL injection. Have your security team there to answer questions, encourage folks and build relationships!
3 upvotes
Blue Processor
IT, Software
I wrote this blog post a few years ago as part of my role at Cybric and it gives some ideas on how to shift security thinking into the DevOps culture and dev/infrastructure teams --> https://medium.com/@mdkail/injecting-the-sec-into-devsecops-1d752788a24
1 upvotes