Shifting Security PEOPLE Left: a Successful Experiment Embedding a Security Engineer in Sales to Build Empathy, Trust, and [more] Scalable RFI and Incident Response Processes
OVERVIEW
What do you get when you take a nearly burned-out security engineer with one foot out the door but trying one last “plan C” to save a budding security enablement program, mix in some extremely supportive and creative solutions engineers, and add a healthy dose of an executive sponsor with a gift for identifying value and an appetite for “we can do better”? You have a recipe for a silo-busting experiment in “shifting security [people] left” and, after two years, some excellent lessons learned.
This talk is both a retrospective on GitHub Revenue’s welcoming of an embedded security engineer and a “Do try this at home” how-to on building customer trust, scaling security RFI response, multiplying a company’s incident response capabilities, and above all increasing security awareness in and empathy for sales teams.
Spoiler alert: As all security blue team members know in our heart of hearts, we are not just a cost center to protect the business and ARR: we can actually grow revenue through tighter partnerships and empowering stakeholders. This experiment proves it AND brought enthusiasm and hope back to a cynical security engineer.