Secure by Design: Building Security into Engineering Workflows and Teams

Disclaimer: This summary has been generated by AI. It is experimental, and feedback is welcomed. Please reach out to info@qconlondon.com with any comments or concerns.

The presentation titled Secure by Design: Building Security into Engineering Workflows and Teams explores how to integrate secure development practices into engineering workflows. Presented by Stefania Chaplin, the talk emphasizes the seamless integration of security into development processes, highlighting both the technical and human elements involved.

Key Points:

  • Integration of Security: Security should be integrated early and continuously in the development lifecycle to prevent vulnerabilities and reduce costs.
  • Communication and Collaboration: Emphasizes the significance of communication among teams, fostering collaboration and shared ownership across different organizational levels.
  • Automation: Encourages the adoption of automated processes to enhance security and efficiency, supported by tools like static and dynamic code analysis, container scanning, and more.
  • Security Champions: Advocates for embedding security champions within teams to foster a culture of security, facilitate cross-team communication, and provide real-time vulnerability detection.
  • Education and Training: Continuous training opportunities are crucial for empowering developers with secure coding practices and reducing the knowledge gap.

Takeaways:

  • Security is an enabler, not a blocker, for innovation when integrated effectively.
  • Security must be built into the culture of the organization through transparent communication.
  • Practical strategies improve security processes, preventing issues and enabling innovative development without fear.

The presentation seeks to equip teams with actionable insights to shift security left and enable secure, innovative development practices.

This is the end of the AI-generated content.


Security doesn't have to be a blocker - it can be an enabler. In this session, we’ll explore how to seamlessly integrate secure development practices into engineering workflows while fostering a culture of collaboration and shared ownership. From integrating security into IDEs, build pipelines, and CI/CD workflows to empowering developers with real-time vulnerability detection, we’ll showcase practical strategies to make security second nature for your team.

But secure development is about more than just tools - it’s about people. We'll discuss how to break down silos between developers and security teams, embed security champions in your organization, and leverage engaging, gamified training to build confidence and capability in secure coding practices.

Walk away with actionable insights to shift security left, enable your team to innovate without fear, and create workflows that blend security seamlessly into everyday development. Let’s build software that’s secure by design - together.

Interview:

What is the focus of your work?

My work focuses on making security an integrated, empowering part of the software development process. I believe security should be woven into every stage of development - not something that slows things down, but something that enables teams to build with confidence. I help organizations create workflows where security is seamless, accessible, and collaborative, empowering both developers and security teams to thrive together.

What’s the motivation for your talk?

The motivation for my talk is simple: security shouldn't be a roadblock - it should be an enabler of innovation. I want to show how we can build security into development workflows without stifling creativity. By fostering collaboration and breaking down silos between teams, we can make secure coding practices a natural, everyday part of development. It's about equipping teams with the tools, knowledge, and confidence they need to build secure software without hesitation.

Who is your talk for?

This talk is for anyone who wants to make security a natural part of their development process. Whether you’re a developer, a security professional, or a team leader, this talk will help you understand how to bring security into your workflows in a way that feels empowering, not restrictive. It’s for anyone ready to shift their mindset and embrace a collaborative approach to building secure software.

What do you want someone to walk away with from your presentation?

I want attendees to leave feeling confident that security can be part of their daily development practice. They’ll take away practical strategies for integrating security into their workflows, from real-time vulnerability detection to breaking down barriers between development and security teams. Most importantly, I want them to feel inspired to build secure software from the ground up - confidently and without compromise.

What do you think is the next big disruption in software?

The next big disruption in software will be the widespread integration of AI and automation into every part of the development lifecycle. From code generation to automated testing and even security vulnerability scanning, AI will streamline and accelerate development, enabling teams to focus on higher-level innovation while letting machines handle the repetitive tasks.

What was one interesting thing that you learned from a previous QCon?

One of the most interesting things I learned at a previous QCon was the power of informal conversations between speakers and attendees during breaks. It’s always fascinating to hear directly from others about the challenges they’re facing and the innovative ways they’re approaching solutions. I also love discussing past sessions with other speakers—particularly the architecture track on the main stage, which is always a hot topic. The exchange of ideas and insights during these moments really adds depth to the overall conference experience.


Speaker

Stefania Chaplin

Founder & CEO @DevStefOps, Previously Solutions Architect @GitLab, AWS Certified Security - Speciality

Stefania specialises in cultivating clear, effective communication that unites teams and leaders across all levels of an organisation. With a background in security and development, she has led multi-million pound projects and managed diverse, multicultural teams across a range of industries and countries. Her approach breaks down communication barriers, aligns groups, and creates shared understanding - driving collaboration, efficiency, and better decision-making. Stefania helps organisations foster a culture of transparency and trust, enabling teams to work together more effectively and achieve meaningful results.

As a sought-after speaker, Stefania has shared her insights at hundreds of global events, empowering organisations to bridge communication gaps and create high-performing, cohesive teams.

From the same track

Session security

Securing AI Assistants: Strategies and Practices for Protecting Data

Tuesday Apr 8 / 03:55PM BST

The data behind AI copilots is not only their most critical asset but also a key strategic consideration for enterprises and SMBs alike.

Andra Lezza

OWASP London Chapter Leader, 10+ Years of Experience Building AppSec Program

Session software supply chain

Trust No One: Securing the Modern Software Supply Chain with Zero Trust

Tuesday Apr 8 / 01:35PM BST

Can you truly trust your software supply chain? As cloud-native software development surges, threat actors increasingly target the supply chain, exploiting vulnerabilities in CI/CD pipelines, dependencies, and container images.

Emma Yuan Fang

Senior Cloud Security Architect @EPAM, DevSecOps, Cloud Security Advocate, Strategist and Public Speaker, Ex-Microsoft, CISSP

Session open source

Empower Your Developers: How Open Source Dependencies Risk Management Can Unlock Innovation

Tuesday Apr 8 / 11:45AM BST

As security practitioners, we face the challenge of driving innovation whilst needing to balance security risks.

Celine Pypaert

Vulnerability Manager @Johnson Matthey, Women in CyberSecurity UK Volunteer, Book Contributor, Ex-Microsoft

Session

Unconference: Resilient Engineering Practices for Security Against Modern Threats

Tuesday Apr 8 / 05:05PM BST

Session

Panel: Security Against Modern Threats

Tuesday Apr 8 / 02:45PM BST

Details coming soon.