Nurturing Security Culture at Adobe
by Brad Arkin
posted on 10-01-2018
To continue nurturing the security culture at Adobe, we sustain a balanced security program to engage employees throughout the year on security awareness. One of Adobe’s core values is to “be genuine” and this helps guide us to foster an experience to help ensure that Adobe remains a trustworthy partner, one our employees and users can have faith in.
National Cyber Security Awareness Month (NCSAM) — observed every October — was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. At Adobe, we focus on celebrating security throughout the year, but especially during the month of October, taking the opportunity to raise security awareness with talks, training and activities aimed at helping employees be more secure at work and at home.
This year’s lineup includes:
- A Capture the Flag event: this provides our employees with an opportunity to learn some security skills for fun and prizes. Learning how different attacks are produced helps us better design and write code that heightens the security of our products and services.
- A Bug Bounty program for our internal services, in which employees have the opportunity to showcase their creativity and problem-solving skills by trying to identify bugs in various products and services.
- Trainings such as pen testing techniques (get into the mind of a hacker!); threat modeling (walk through potential risks of your services); and other various security tools
- Technical talks on basic security concepts like Defense in Depth, as well as trends throughout the industry
- Digital signage displayed in office locations across the globe with simple, fun security awareness messaging.
- Throughout the month, general security awareness training is administered to all Adobe employees covering basic security practices, such as but not limited to, recognizing a phishing attempt or social engineering attempt, protecting employee assigned assets and password security.
NCSAM is one piece of the puzzle. During the rest of the year at Adobe, we also host ongoing monthly tech talks that are open to the entire company to help keep the conversation around security fresh. Our “Security Exchange” series is aimed at getting people more aware and talking about our internal security processes, perspectives from the industry, and shared learning among teams.
The security team can’t be everywhere at once. Fortunately, we have a host of people in the product engineering teams that are passionate about security and have stepped up to lead the charge in security matters for their teams. These are our Security Champions, valued partners with the security teams that help push their team’s security posture forward.
We also hold security briefings for our Security Champions to help keep them up-to-date on changes in the security space (there can be many!) This forum also allows our security teams to tell their own stories, illustrating what they see day-to-day. In addition, we provide opportunities for our Champions to learn new skills or hone and strengthen existing ones.
As both attack and defense tools and techniques continue to evolve, malicious actors are increasingly turning to attacking the network as well as the human element – this is why embedding security into company culture is so important. Focusing on our employees’ security awareness is critical to maintaining our heightened line of defense.