Introducing a new paradigm for integrating developers with offensive and defensive teams to enhance SDLC. Utilizing Red, Blue, and now Yellow (Development) Teams in a structured way to provide knowledge sharing, strengthening of defenses, coverage, and response, and ultimately the development of a high level of security maturity over time. This new concept of "Red + Yellow == Orange && Blue + Yellow == Green" focuses on the role of Developers as a critical piece of security assurance activities when combined with Offensive and Defensive Teams. Orange Teams add value when they have been integrated into SDLC by creating a cycle of perpetual offensive testing and threat modeling to make software more secure over time through a high level of dedicated interaction. Green teams add value when they help ensure software is capable of providing good DFIR information. This talk will evaluate how different Team combinations can lead to more secure software.
April C. Wright is a Senior Security and Compliance Manager for Verizon Wireline, building SDLC program maturity, implementing eGRC, spearheading Threat Intelligence, and performing risk reduction with a vengeance via leadership for comprehensive security programs for massive global infrastructures. She is a hacker who has spent the last 25 years as a generalist, breaking, making, fixing, and defending all the things, while playing roles on offensive, defensive, operational, and development teams throughout her career. Specializing in seemingly nothing (except maybe learning about everything in the hope of sharing and employing knowledge), April has collected dozens of certifications to add letters at the end of her name, from Social Engineering to Cloud Security to First Aid to Photography. She once read on teh interwebs that researchers at the University of North Carolina released a comprehensive report in 2014 confirming that she is the "most significant and interesting person currently inhabiting the earth", so it must be true.