Stacy Simpson, SAFECode

Next week, tens of thousands of security professionals will gather once again in San Francisco to talk all things security, including software security. At SAFECode, this is one of our favorite times of the year, despite the fact that many might not know we are even there.

Let me explain.

A few months ago, I let my friends and colleagues in the industry know that I planned to rejoin the SAFECode team. In response, there was one question that I kept getting asked: “What does SAFECode do besides publish papers?” It seemed to me that while the work that SAFECode publishes externally is highly regarded, people outside the organization really only get to see a small glimpse of what its members do.

So what do we do? Put simply, we collaborate. SAFECode is one of the few places where business and engineering leaders can safely and directly connect with other professionals tasked with managing highly scalable, global software security programs to exchange ideas, share lessons learned, and work together to make a positive impact on both their businesses and the security of the greater technology ecosystem. SAFECode also offers a unique structured environment for software security managers to connect their team members with their industry peers to collaborate on technical challenges and support their continued professional development.

Of course, whenever we can, we try to take the best of that collaboration and publish it freely. Our goal in doing so is not only to support other organizations and professionals working to build more secure software, but also to help customers and other stakeholders better understand how a secure development process impacts the security of the software they purchase so that they can better manage their supply chain risk. As SAFECode’s director of marketing, this external sharing of our work is my primary focus, and something I hope to do with more frequency in the future. But there is a lot more work that goes on “behind the scenes”, so to speak.

And this brings me back to our love for the RSA Conference. While it is true that we won’t be making any headlines this year, our members will be there working together throughout the event. Not only is it a great conference and a valuable week of activities and networking, but it is one of the few times a year we are able to bring our collaboration face-to-face. The results always seem to exceed our expectations. This year, we have a number of member events planned during the week.

Our Technical Leadership Council (TLC) will be meeting to review and discuss our “idea hopper.” Much of SAFECode’s work is sourced “from the ground up” where members can submit ideas for challenges to tackle, or guidance to share, based on their current work experiences. As the driver of SAFECode’s technical work, the TLC is the first stop for reviewing “idea hopper” suggestions, prioritizing projects, and making sure small group collaborations have the resources they need to meet their objectives. While the TLC meets monthly, the extended face-to-face meetings greatly energize the group’s efforts, spark a host of new ideas, and reliably end with a full slate of exciting projects to tackle.

Our Board of Directors will also be meeting during the conference. Of course, the Board does what Boards do – makes sure that SAFECode is executing on its vision, using its resources wisely, and serving its members well. Like the TLC, our Board also meets monthly, but the extended face-to-face meetings provide an opportunity for them to step back and take a hard look at the big picture and think of ways that SAFECode can have a broader impact. If you haven’t before, take a look at our Board’s membership. It is an impressive group and their exchange of ideas is always equally impressive and highly productive.

And perhaps best of all, SAFECode will be hosting our All Member Meeting where anyone who is a part of a SAFECode member company can join us for breakfast and meet the people they have been emailing with during the development of a guidance paper or listening to on a member webinar. It is a great opportunity for those new to SAFECode to learn more about the value of participating in one of our projects. SAFECode leadership also likes to use this time to recognize member teams and applaud their contributions to our work. (Psst... SAFECode members – if you have not yet registered, sign up here.)

Numerous representatives from our member companies will be attending and participating in conference activities. Our executive director, Steve Lipner, will also be on-site all week. If you really want to learn more about what SAFECode does, I recommend you go straight to the source and ask a member when you run into one. If you are considering membership, but still have questions, let us know and we are happy to set up a short meeting during the conference with Steve or a member representative.

I look forward to using this space to share more information about what SAFECode is doing and hope that you’ll check back in with us periodically to see what’s new. In the meantime, I wish all of those attending the RSA Conference next week a productive and enjoyable experience.