Shift left in 60 seconds

Shift left is a way to think about security work. It aims to reduce the most risk, for the least effort, and self-improve over time.

Imagine the set of outcomes for any given security risk:

For the thousands of risks unearthed, we want to tilt the most likely outcomes leftwards on this spectrum, to shift left.

This applies to most (all?) work done by an information security team.



How do we know if its working?