Security starts as soon as the project starts. Every decision you make needs to be one that considers whether you will compromise on security - but human beings fail to do this for one reason - bureaucracy.

I think there's multiple reasons for this. Bureaucracy is one, not seeing the need is one, putting other priorities higher...

Whether you agree on this security point or not, fact is that the amount of attacks and malware strains keeps rising daily so whether you care about security or not is irrelevant; if you don't give it thought, the chance of getting compromised is very much higher.

@linuxxx that’s my point. You’re more considered about the processes of producing what the stakeholder wants rather then producing what actually matters. What actually protects the organisation. Bureaucracy is the problem. Rather than fighting the stakeholder in the interest of preserving their safety - you succumb to deadlines and requirements. All a form of bureaucracy. Perhaps the agile philosophy isn’t what the industry needs. Perhaps agile promotes getting stuff done as quickly as possible and agile is precisely why security has become a “relaxed” affair.

@whiskey0 Yeah i mostly agree, just don't agree that bureaucracy is the problem by default. Not enough awareness doesn't have to have anything to do with bureaucracy, per se. (for example)

@linuxxx I’m not going to argue incompetence. This industry is plagued with it.

@whiskey0 For the record, you're talking to a cyber security engineer :)