As companies become more mature in their security posture it becomes more important to build an efficient and scalable security engineering team. This team is responsible for improving the overall security posture of the company and reducing the company’s software risk. Building a team of passionate, knowledgeable security engineers lead by an inspirational security leader is more difficult than it seems. Many Security Engineers have different incentives and expectations than other employees, and with the current security climate these individuals are highly sought after.
In this talk we’ll discuss the process I’ve used to build one of the best security service teams in the industry and some of the challenges I’ve faced. We’ll tell many stories of mistakes and successes in our growth path and how you can mitigate or replicate each, respectively.
I’ll give you actionable guidance on recruiting, filtering, interviewing, and hiring. We’ll also talk about building a culture of success around your security team which gives your team the freedom to build their skills while aligning to company goals. Finally, we’ll talk about how an internal security team can fit within the other teams in your organization and within the greater vendor strategy you may be using.