Six Years in Review: Transforming Company Culture to Embrace Risk
Ariel Shin
BSidesSF 2024 · Day 1
This talk, "Six Years in Review: Transforming Company Culture to Embrace Risk," delivered by Ariel Shin, Product Security Engineering Manager at Twilio, details a transformative journey in vulnerability management. Shin takes the audience through a six-year evolution of a single program that successfully shifted company culture from ignoring risk to actively embracing it. The core of this transformation lies in the implementation and continuous iteration of a **Democratized Vulnerability Management (DVM)** approach, which reassigns the primary responsibility and accountability for vulnerabilities from the security team to engineering teams.
AI review
This talk details a practical and effective approach to scaling vulnerability management by pushing ownership and accountability for vulnerabilities out to engineering teams. While not a deep technical dive into exploitation or novel attack vectors, it presents a well-engineered defensive program that addresses real-world challenges in large organizations. The speaker's experience and the detailed account of implementation, challenges, and solutions make this a valuable session for anyone serious about operationalizing security at scale.