Today everyone understands why cyber security is crucial to any business organization. Yet, most software engineering teams building products and services still struggle to improve their security posture.
Organizations, especially large enterprises, invest large sums in training, creating DevSecOps guidelines that follow industry best practices and applying security policies to the whole organization. However, are those actually applied in practice? Are engineering teams adopting security practices?
In this talk, we are going to explore how organizations, especially their software engineering teams, can truly assess and measure their security posture, making sure that organizational guidelines and policies actually make sense and are followed in practice.