People & Culture
Conference, 50 min
INTERMEDIATE

Secure by Culture: Building a Developer-Driven Security Mindset

This talk argues that secure development relies more on behaviors than tools or policies, applying behavioral science (COM-B model) to foster lasting security culture. It offers practical strategies—team rituals, peer modeling, and workflow integration—to help developers embed secure practices, making security a valued, seamless part of software engineering.

Enrique Larios Vargas, Adyen

When and where

Wednesday, October 8, 15:10-16:00
BOF 1

Description
What if secure development were more about behavior than just policies and tools? In this talk, we’ll explore how software developers can influence security culture through their daily decisions, team habits, and shared norms. By drawing on behavioral science and real-world engineering challenges, we'll discuss why traditional approaches—focused primarily on tools and compliance—often fall short in integrating secure practices into the development process.

You’ll learn how capability, opportunity, and motivation drive secure behavior, based on the COM-B model. We will also explore practical strategies for cultivating a security mindset through team rituals, peer modeling, and developer-centered interventions. Whether you consider yourself a skeptical coder or a security enthusiast, this talk aims to help you view security not as an obstacle, but as a valuable craft.

Key Takeaways:
- Understand security culture from a developer’s perspective.
- Identify behavior-based blockers to secure coding.
- Learn how to embed secure practices into your daily workflow.
- Discover developer personas and nudges that shape secure behavior.

Target Audience:
Software developers, tech leads, security champions, and engineering managers interested in building security practices that stick without slowing down delivery.

Tags: culture, security, developers, behavior

Speakers

Enrique Larios Vargas

Adyen

Netherlands

Enrique Larios Vargas is a Security and Learning Specialist with over 8 years of experience designing impactful learning and enablement programs across fintech, engineering, and security domains. With a background as a university lecturer in software engineering in Peru, the Netherlands, and Canada, he brings a unique blend of technical insight and behavioral science to his work. Enrique is the lead author of the research paper “DASP: A Framework for Driving the Adoption of Software Security Practices”, which explores how behavioral models like COM-B can drive secure development. He is passionate about helping developers move beyond compliance and build a meaningful, human-centered security culture.