Nurturing Security Culture at Adobe

by Brad Arkin

posted on 10-01-2018

To continue nurturing the security culture at Adobe, we sustain a balanced security program to engage employees throughout the year on security awareness. One of Adobe’s core values is to “be genuine” and this helps guide us to foster an experience to help ensure that Adobe remains a trustworthy partner, one our employees and users can have faith in.

National Cyber Security Awareness Month (NCSAM) — observed every October — was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. At Adobe, we focus on celebrating security throughout the year, but especially during the month of October, taking the opportunity to raise security awareness with talks, training and activities aimed at helping employees be more secure at work and at home.

This year’s lineup includes:

NCSAM is one piece of the puzzle. During the rest of the year at Adobe, we also host ongoing monthly tech talks that are open to the entire company to help keep the conversation around security fresh. Our “Security Exchange” series is aimed at getting people more aware and talking about our internal security processes, perspectives from the industry, and shared learning among teams.

The security team can’t be everywhere at once. Fortunately, we have a host of people in the product engineering teams that are passionate about security and have stepped up to lead the charge in security matters for their teams. These are our Security Champions, valued partners with the security teams that help push their team’s security posture forward.

We also hold security briefings for our Security Champions to help keep them up-to-date on changes in the security space (there can be many!) This forum also allows our security teams to tell their own stories, illustrating what they see day-to-day. In addition, we provide opportunities for our Champions to learn new skills or hone and strengthen existing ones.

As both attack and defense tools and techniques continue to evolve, malicious actors are increasingly turning to attacking the network as well as the human element – this is why embedding security into company culture is so important. Focusing on our employees’ security awareness is critical to maintaining our heightened line of defense.

Topics: Community