Conduct recurring security trainings. Videos and online presentations are good, but nothing can really replace quality in-person meetups. Show as many demos as possible and don’t stick to overloaded PowerPoint presentations which put people to sleep. It’s fine to share raw technical details as recap material, but while starting out you must make people … Continue reading Internal security trainings and awareness awards | ESM part 7
Tag: infosec
Embrace DevSecOps | ESM part 6
The concept of purple teaming is something I fell in love with many years ago when I was experimenting with various ways to make myself more effective. Everything has changed — in a good way — when I started embracing a culture of collaboration where attackers and defenders work together to create the best possible way of securing the products. We’re out … Continue reading Embrace DevSecOps | ESM part 6
Make security simple | ESM part 5
Simplify it for them. Security is often perceived as complex and cumbersome, which makes engineers unwilling to work on it. In order to get things done you need to simplify and carefully explain your requirements. Strive to make it easier to build secure products because the cheaper it is to add security, the more likely it’ll get … Continue reading Make security simple | ESM part 5
Educate executives and middle-management first | ESM part 2
Set common goals with management and executives. It rarely happens that engineers themselves don’t want to build security into their products for no reason. The problem is that very often in startups and SMBs, middle management isn’t held responsible for product security, and the only thing they’re rewarded for is if the feature-rich product … Continue reading Educate executives and middle-management first | ESM part 2
Start small and early | ESM part 1
Start small. Take baby steps to show everyone in your company that security doesn’t need to be tangled and complex. If you show people that it takes 3 clicks to secure their computer more, their mindset will change and they’ll be eager to implement more of such hassle-free solutions. Do the things that have … Continue reading Start small and early | ESM part 1
Employment expectations’ mismatch and recruitment pitfalls in InfoSec
This article is considered to be a follow-up to “Hiring your first security professional”, so if you haven’t yet, I recommend you read it before you continue with this one. For the last few years there hasn’t been a month when I haven’t read about the InfoSec professional shortage, the security skills gap and what not. … Continue reading Employment expectations’ mismatch and recruitment pitfalls in InfoSec