#52: Secure Leadership with Laura Bell Main

With over twenty years of experience in software development and application security, Laura Bell Main specializes in bringing Application Security and Secure Development practices into organizations worldwide.

She is the co-founder and CEO of SafeStack, an online education platform offering flexible, high-quality, and people-focused secure development training for fast-moving companies, focusing on building application security skills, practices, and culture across the entire engineering team.

Laura is an experienced conference speaker, trainer, and regular panel member and has spoken at various events such as BlackHat USA, NDC, RenderATL, and OSCON on application security, DevSecOps, secure development, and security mindset.

She is also the co-author of Agile Application Security and Security for Everyone.

Top 3 Takeaways

  1. Small is beautiful. When we need our teams to tackle BIG problems in work and life, it’s helpful to break the issue down to make it more manageable. Otherwise, our people may be too overwhelmed to act at all.
  2. Show and tell. If you want people to care about your work, you’ve got to make them aware of it first. Get creative and take every opportunity to showcase your efforts and the positive impact you’re having on something everybody cares about.
  3. Stay positive. It can be tempting to frame negative consequences in an attempt to garner attention and resources, but use this technique sparingly. Instead, communicate the benefits of action which can lead to sustained interest and investment.

From the Source

“We need to get rid of this superhero mentality, and we need to really give everyone a little bit to do, and to do it consistently over time.”

“You are the complex combination of everything you've done before and everything you've seen. So when you look at something, you see it one way, but the other 20 people on your team have all got different journeys, and they can look at exactly the same thing and see something you never saw.”

“We believe that we are stronger when we work together, that it's easier to do security when we all do a little bit, rather than expecting one person to do an inhuman amount of work.”

“You, as a security person, cannot stand outside what makes that business successful. You have to be an integral part of that success, which means you need to come to their language and speak.”

“You've got to engage people, not their fear, but their curiosity.”

“It's like buying a gym membership. Technically it can make you fit and healthy, but it only works if you then invest the resources and the time to actually use the thing to build your skills.”

“For many of our organizations, things that are going to kill your business, if you were to write them down as a list, security probably isn't in the top five. It doesn't mean it's not important, but we have to be pragmatic.”