Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Security Culture on Infrastructure Teams

Building Security Culture on Infrastructure Teams

Security is an increasingly important aspect of software development, especially for services that process and store sensitive data.

In rapidly growing and dynamic organizations, infrastructure teams need to balance building features to support product growth and business goals while maintaining a secure platform. At Stripe we believe that security is a collective responsibility, and it’s especially important to closely collaborate with security teams to continually improve the quality of decisions and changes that affect sensitive systems.

In this talk, we’ll discuss strategies for building a culture of security so infrastructure and security teams can each play to their strengths while maintaining high development velocity. We’ll walk through some examples of both how we typically run security-sensitive projects at Stripe as well as processes that help to extend security awareness (and interest!) through the rest of your organization.

Franklin Hu

June 12, 2019

More Decks by Franklin Hu

Other Decks in Technology


  1. Learning & Growth Create a safe space where people can:

    • Build expertise over time • Ask questions • Try things and fail in a supported way
  2. To conclude... Elements • Responsibility • Learning & Growth •

    Empathy Tools • Rotations • Security Advocates • Tabletops, Gamedays • shipped@, fixed@ • Security Review
  3. Thanks! Franklin Hu @thisisfranklin [email protected] Appendix Daring Greatly: How the

    Courage to be Vulnerable Transforms the Way We Live, Love, Parent, and Lead (Brené Brown) Increment.com https://stripe.com/blog/game-day-e xercises-at-stripe