Resistance Is Futile
How not to talk to software developers about security
"We are the Borg. Lower your shields and surrender your ships. We will add your biological and technological distinctiveness to our own. Your culture will adapt to service us. Resistance is futile."
Does this sound similar to your experience of security professionals trying to make sure you write secure software? It's a familiar story to us, as researchers in secure software development. We've seen attempted assimilation where there needs to be dialogue.
As a research team comprising a psychologist, a security professional and an experienced software developer, we undertook over 40 hours of interviews with software professionals to learn more about their distinctive culture. Rather than ignoring this culture, security professionals should embrace it. It offers tremendous scope for working more effectively together.
This session is about what we learned from really listening to developers, and what we propose to do about it.
Gail Ollis
Gail has been presenting at tech conferences since 2007. Sharing knowledge soon became part of the day job in an accidental second career. For two decades Gail was a commercial software developer, eventually becoming so obsessed with the human aspects of the job that she took a psychology degree to investigate further.
Her PhD in the psychology of software development created the opportunity to apply her interdisciplinary outlook to researching cyber security for software developers. Alongside her research she teaches at the University of Portsmouth and the Open University, and as an online private tutor, and is loving her "portfolio career".
Gail loves to help people learn and develop. She launched the ACCU Early Career Day in 2019 and is looking forward to bringing together her Dream Team again to help more early career developers.
Iain Reid
Dr Iain Reid is a Lecturer in Cybercrime and Chartered Psychologist in the School of Criminology and Criminal Justice at the University of Portsmouth. Iain’s research places an emphasis on the application of psychological research to cybercrime and security, and to defence and security. The objective of his work has been to increase the effectiveness of assessments across a range of information landscapes. His research interests include perceptual and behavioural changes between online and offline communication, cost-benefit analysis and perceptions of risk in high-stakes human decision-making, developing innovative approaches in cyber deception for defence, digital footprints and emissions, and how software developers perceive security and risk in their work.