February 20, 2016

Federal Trade Commission Start With Security Seattle

The FTC’s third “Start With Security” event took place on February 9, 2016, in Seattle, Washington, and was co-sponsored by the University of Washington Tech Policy Lab, the University of Washington School of Law Technology Law & Public Policy Clinic, and CoMotion at the University of Washington.

The one-day event continued the FTC’s work to provide companies with practical tips and strategies for implementing effective data security. The event brought together experts to provide insights on how startups and other small companies can secure the software and products they develop, and how important it is to do so. FTC Commissioner Julie Brill kicked things off with opening remarks. The day included panels on Building a Security Culture, Integrating Security into the Development Pipeline, the Business Case for Security, and Securing the Internet of Things.


Panel 1: Building a Security Culture

How can startups build a culture of security? This panel will explore how startups can jumpstart security in their organization, and why they should, including how to get organizational buy-in for security, train developers to code securely, use basic threat modeling to identify security threats, and more.


Panel 2: Integrating Security into the Development Pipeline

How can startups effectively integrate security testing and review into their development processes when they may be hiring new engineers at a rapid clip, experiencing exponential user growth, and shipping code frequently? This panel will discuss how security testing can be automated and adapted in startup environments.


Presentation – Avoiding Catastrophe: An Introduction to OWASP Proactive Controls

Ian Gorrie
Principal Consultant
Locked Networks
Chapter Leader
Open Web Application Security Project (OWASP), Seattle Chapter


Panel 3: The Business Case for Security

How can startups determine the importance of security to their bottom line? Building security in up front may help startups avoid significant costs: Venture capital investors may emphasize security in funding decisions; customers may demand contractual security requirements; potential acquirers may evaluate a startup’s security posture; and startups may incur fatal damage to reputation and monetary costs from a security incident. This panel will discuss the importance of security from the investor, customer, and potential acquirer standpoints.


Panel 4: Securing the Internet of Things

Connected devices present new security challenges and expanded attack surfaces. How can startups secure their IoT products and services in a rapidly developing ecosystem? This panel will address how IoT startups can identify and manage critical risks in their businesses and plan for the unique challenges they face.