Is Pursuing CHANGE Essential in AppSec?


Details
To what extent should pursuing CHANGE be part of your software security strategy? Does it make sense to try to change the habits and behaviors of the people in your organization?
Or, is it simply about implementing technical controls to secure the business in the context of the existing environment without explicitly trying to transform culture, hearts, and minds?
If it is about change, how can we go about it effectively? Are there proven concepts from the practice of change management that we can draw from?
There are likely many opinions on this topic! Fortunately, our Let's Talk Software Security community is different: this is not a one-way lecture/talk, but rather an open discussion driven by your own experiences and insights!
Come share your knowledge, listen, and learn while we support and challenge each other to discover solutions that improve the software security landscape.
* We do not record our sessions and follow Chatham House Rules in order to protect the privacy, identity, and reputation of our participants while encouraging open and honest conversation.
