Adobe recently held a Security Champions Summit in Bucharest. This was a multi-day event with the goal of building up the skills of our current security champions and encouraging new ones to join the program. Part of the efforts during the summit were to look at ways to consolidate processes, improve visibility for the work our champions do, and to provide training sessions and activities. Additionally, the summit provided a dedicated event for champions to meet each other face-to-face, trigger new ideas by stepping out of the ‘comfort zone’ of their own product teams, and actively be involved in hands-on trainings that will help build better partnerships with engineers and managers.

In addition to our global Security Champions, site reliability engineers, computer scientists, security analysts, cloud security engineers, and security managers from various Adobe teams were present and actively participated in discussions and brainstorming sessions. These sessions covered technologies including our own recently open-sourced tools like HubbleStack and key topics such as threat intelligence, forensics, disaster recovery, and compliance. There were also exercises around log analysis and container security. The Summit brought together the voices of security from within the product teams to share Adobe and industry best practices, as well as the latest guidance on maintaining a strong security posture across all our products.

Events like these are part of Adobe’s ongoing commitment to constantly help spark new ideas that challenge the status quo and build the broadest “security aware” community we can across the company. This effort is also part of our continued evolution around “SecDevOps” processes where security is built into the DevOps process and infrastructure from the get go. Day-to-day activities by our development teams not only contribute to the achievement of operational and development goals but also keep high levels of security, data integrity and privacy, and availability. This improved set of processes are also much easier to audit and ensure adherence to established compliance controls. With product teams engaging with security champions and researchers as early as possible, we have been able to begin shifting from reactive to proactive approaches, better integrating defensive practices throughout the product lifecycle. Activities like the Summit help to better evangelize and cement these “security first” practices to the benefit of teams across the company.

The Security Champions Summit in numbers:

  • 2 days
  • 11 speakers
  • 2 workshops
  • 1 panel
  • 9 talks
  • Attendees from 4 countries

Daniel Barbu
Manager, Security, Adobe Bucharest

Community, Compliance, Major Initiatives, Secure Product Lifecycle (SPLC)

Posted on 07-31-2018