Katie Bauer!

There's a brief section on information security in particular that grabbed my attention. It talks about "shifting it left" in the development lifecycle. Process-wise, this sounds way more effective, but the cool thing is that it actually drives higher quality in your software

That fact is pretty interesting to me on its own, but the specifics are also (dare I say?) inspiring to me. I'll just excerpt because it's clearer than what I'd write:

"We want to make it easy for developers to do the right thing when it comes to infosec. This can be achieved by ensuring that there are easy-to-consume, preapproved libraries, packages, toolchains, and processes available for developer and IT operations."

"What we see here is a shift from information security teams doing the security reviews themselves to giving the developers the means to build security in. This reflects two realities:"

"First, it's much easier to make sure that the people build the software are doing the right thing than inspect nearly completed systems and features to find a significant architectural problems and defects that involve substantial rework."

"Second, information security teams simply don't have the capacity to be doing security reviews when deployments are frequent."

If you've ever lamented that you as a DS are brought into the loop too late, these ideas are worth paying attention to. The artifacts you produce are different from those of an infosec engineer, but the concepts are exactly the same.

"Easy-to-consume" depends on what your team's responsibilities are, but they're all about format. Maybe it's bullet points in the executive summary of your write up, maybe it's a good SELECT * style aggregate table, maybe it's well thought out data models underpinning your tools