The BTN recently partnered with Synk, a developer security platform for securing code, dependencies, containers, and infrastructure as code for an exclusive virtual roundtable event. This session looked at 'Security Champions: Providing Scale & Speed for your Developers' and was an opportunity to share insights around the topic of security within organisations.
Cyber security has risen to prominence on the agenda of many business leaders.
Large firms have been struggling with it for decades in spite of significant investments in that space, but for many across the boardroom, the realisation has taken place over the past few years that cyber-attacks were simply a matter of “when” not “if.
In spite of being widely used, the role of the Chief Information Security Officer (CISO) has only had a few decades of existence and is still evolving.
You don’t have to go far to find cyber security professionals complaining about skills shortages, but the problem has several dimensions which have to be understood and mapped out before we can start to figure out possible solutions.
This is no longer just about tech — if it ever was
Surveys focused on the concerns and priorities of the CISO community have been quite consistent over the last few years, and collectively, they paint a slightly uncomfortable picture: The picture of CISO roles and security practices still operating bottom-up, disconnected from the dynamics of the business and the broader culture of their organisation.
In 2021, hackers exposed the personal information of 533 million Facebook users, including phone numbers, full names, birthdays, locations, and bios — all because of a small Facebook failure. This is an example of how missed bugs can become a nightmare for product owners, stakeholders, developers, QA engineers, and, as a result, users.
For a number of years, I have been puzzled by the high idea some cyber security professionals seem to have that their job is about convincing other people: Convincing users that they need to do certain things to protect themselves and their data; Convincing the Board that they need to invest more to protect the business, etc…
Brady Gentile from Cloudflare's product team wrote an App Developer Playbook, embedded within the developer documentation page. He decided to write it after he and his team conducted several app developer interviews, finding that many developers wanted to learn how to better promote their apps.