Who is This For?
This guide is written primarily for individual contributors who are not currently security engineers, but are interested in learning ways to improve how they implement security practices in their code and how they interact with their security teams and/or consultants. The focus of this guide is to define DevSecOps and dive into ways to support it within an organization.
What is Covered?
Building Empathy & Team Interactions
- Walk A Mile: Shadowing
- Full-Service Ownership
- Security Champions Program
- Meet Needs to Gain Momentum
- Team Interactions
Training and Education
- Threat Modeling Exercises
- Capture the Flag Games
- Establish Trust: Don't Do Gotchas
- Socially Engineer Security Trainings
This documentation is provided under the Apache License 2.0. In plain English, that means you can use and modify this documentation, both commercially and for private use. However, you must include any original copyright notices and the original LICENSE file.
Whether you are a PagerDuty customer or not, we want you to have the ability to use this documentation internally at your own company. You can view the source code for all of this documentation on our GitHub account. Feel free to fork the repository and use it as a base for your own internal documentation.