Source: thenewstack.io
Security Teams as Internal ConsultantsCategory: Security
A cliche too often whispered is that the IT security team is viewed as a warehouse of unwanted staff who always say no. When that happens, the entire organization suffers.
Only when the project is ready for general availability release is there a grudging inclusion of the security team; that is, if they are ever included.
First, you have to break down the mentality that security is the responsibility of only the security team and product is the responsibility of the product team.
And when you factor in the high cost of employing consultants, the time and expense of providing training in security best practices to your entire team becomes a bargain — and that is not even accounting for the benefits of reduced risk by incorporating security best practices into all stages of development, deployment and administration of technology.
By taking steps to ensure that everyone on the team is paying attention to the basics of security, and that they trust the experts on the specialized security team to provide more advanced support when needed, you can reduce your risk of attack while improving your ability to identify issues and recover your systems significantly.
Only when the project is ready for general availability release is there a grudging inclusion of the security team; that is, if they are ever included.
First, you have to break down the mentality that security is the responsibility of only the security team and product is the responsibility of the product team.
And when you factor in the high cost of employing consultants, the time and expense of providing training in security best practices to your entire team becomes a bargain — and that is not even accounting for the benefits of reduced risk by incorporating security best practices into all stages of development, deployment and administration of technology.
By taking steps to ensure that everyone on the team is paying attention to the basics of security, and that they trust the experts on the specialized security team to provide more advanced support when needed, you can reduce your risk of attack while improving your ability to identify issues and recover your systems significantly.
Related Articles
Community Partners
DevOps Careers