Security & Governance
Security & Governance
You don’t need to be a security expert, but you do need to be literate. This section covers the security and compliance landscape a manager should understand: the standards bodies and frameworks (OWASP, NIST), and the compliance regimes (SOC 2, ISO 27001, GDPR, CCPA, and cookie compliance) that shape how teams handle data and risk.
In this section
Security Standards & Orgs: OWASP, NISTThe two standards bodies an engineering manager actually needs to recognize — OWASP and NIST — what each one is for, and how to use them without becoming a security specialist.
Compliance Literacy: SOC 2, ISO 27001, GDPR, CCPA & Cookie Compliance 🚧 ExpandingA manager's plain-language map of the compliance regimes that shape how teams handle data and risk — SOC 2, ISO 27001, GDPR, CCPA — plus the cookie-compliance corner that quietly touches almost every website.