Embed Size (px)
Citation preview
Julia Knecht | Adobe Systems@juliaamarieee
SAASy SPLC
About Adobe
SAASy SPLC - @juliaamarieee 2
CONTENT DATA
Creative Cloud Document Cloud Marketing Cloud
Community Marketplace Partners Developers
Now
SAASy SPLC - @juliaamarieee 4
Analytics Audience Manager
Campaign Experience Manager
Media Optimizer
Primetime Social Target
Goals
SAASy SPLC - @juliaamarieee 5
How• Get Buy In• Set a Baseline• Measure & Automate• Leverage Existing Process• Build a Community• Create Opportunities for Learning• Be a Service Organization• Add Value
SAASy SPLC - @juliaamarieee 6
People will do things for 1 of 2 reasons:
7SAASy SPLC - @juliaamarieee
Security as a Service
SAASy SPLC - @juliaamarieee 8
Product Engineering Team Buy-In
9
Product
SAASy SPLC - @juliaamarieee
Our Security Champions are…
10SAASy SPLC - @juliaamarieee
It has to be the product team –get champions
11SAASy SPLC - @juliaamarieee
Map: Security Certification Program
12SAASy SPLC - @juliaamarieee
Tactic: Competition: Before
13
A B C D E F G H IWhite Belt 99 95 99 100 92 100 96 93 96Green Belt 98 95 94 93 88 84 70 54 41
0
10
20
30
40
50
60
70
80
90
100
White Belt
Green Belt
SAASy SPLC - @juliaamarieee
Tactic: Competition: After (2 days later)
14
A B C D E F G H IWhite Belt 100 95 100 100 92 100 96 100 96Green Belt 100 95 100 100 88 100 96 100 68
0
10
20
30
40
50
60
70
80
90
100
White Belt
Green Belt
SAASy SPLC - @juliaamarieee
Set a Baseline
15SAASy SPLC - @juliaamarieee
Measure & Automate
16SAASy SPLC - @juliaamarieee
Provide Incentives
17SAASy SPLC - @juliaamarieee
18
"I know that well enough, Mr. Frodo. Of course you are. And I'm coming with you.”
"ButIamgoing toMordor."
SAASy SPLC - @juliaamarieee
PLC à SPLC
19SAASy SPLC - @juliaamarieee
Leverage Existing Process
20SAASy SPLC - @juliaamarieee
Security Team
21
training, threat modeling, hacking skills, security automation, checklists, sign-off, coordination, security monitoring team, talking to customers about security…
You have my bow
SAASy SPLC - @juliaamarieee
Services• Threat Modeling• Testing Automation • Security • Pen Testing Coordination• Best Practices/Training• Security Testing• Security Architecture Reviews• Customer Security Engagement
22SAASy SPLC - @juliaamarieee
Be a Service Organization
23SAASy SPLC - @juliaamarieee
Provide opportunities for learning & a Secure-Engineering Community
24SAASy SPLC - @juliaamarieee
Add Value
25SAASy SPLC - @juliaamarieee
Results
26SAASy SPLC - @juliaamarieee
LL Summary• Champions• Training• Existing Process• Measure• Automate• Recognize• Add Value
27SAASy SPLC - @juliaamarieee
Adobe Resources
28
Security portalhttps://adobe.com/security
Security @ Adobe bloghttps://blogs.adobe.com/security/
Advisories and updateshttps://www.adobe.com/support/security
Twitter: @AdobeSecurity
SAASy SPLC - @juliaamarieee
