Brian Saylor - I Hate You (getting along with dev teams)

BSides Knoxville, 39:22, published 2022-05
About this talk
Do the software engineers all secretly hate you? Or maybe not so secretly? Do you have to beat them with a stick to get them to implement the most basic security guidelines? Do they spend all of their time circumventing your well-thought-out, well-intentioned guidelines and tools, carefully designed to keep the company safe? Why is that, and is there anything you can do, short of getting bigger sticks? I have spent many years developing software and managing software teams and projects. I have often found myself in the position of being the security proponent (or even worse, expert) within the software organization. This has put me in a position to see many of the interactions that happen between software development and security. Both the good and the bad. I have been that guy that hates you. I have been the one bypassing your security process and tools. Let's discuss some of the interactions that I have observed or participated in and how they went so wrong. Maybe together we can identify why they went wrong and maybe even some ways to avoid those failures in the future. Because sometimes there just isn't a big enough stick. But I still hate you.