As a security professional you're hungry to learn everything you can but training isn't quite free. Meanwhile, your boss, and the bosses in a bunch of other business units are fretting all they can about DoD 8570, just one more "unfunded mandate". How does anyone justify the cost of these nonfunctional requirements? This talk will draw some indirect lines in the org chart and cite documentation in various parts of a company to show how training can be a win for the entire organization.

Adam is an engineer. Several years ago, Adam's program got whacked with the compliance stick. If Adam wanted to fly he had to comply. In an odd turn of events, Adam found that all this security compliance made him level-up his systems engineering game. After satisfying a number of security "one-offs", Adam started to realize where non-engineers had strengths and willingness to bolster his program's overall security. As a lonely security engineer in a feature-driven world he credits the infosec community for providing so much "professional development". He is happy to show engineers how fun (less painful?) security can be. Tragically, he has yet to meet anyone who can wrestle failed vuln scanners as well as he can - but he knows that special someone is out there.