
Okay so, I’ve recently started going through our products’ security postures and their teams’ related practices and processes. I knew things were in a bad state, but I have to admit I’m a bit anxious at how bad things are… and it’s not like nobody cared or anything, quite the opposite; the teams are quite motivated about cyber sec. It’s just that they don’t know what the fuck to do and where to start even if they did.

Okay, that's my job to figure out the roadmap to improving their security posture and processes and help them implement it. If it wasn't bad enough that there are half a dozen products whose cyber sec roadmaps I need to prioritise and manage somehow, I heard this week that due to some organisational rearrangements, the number of products under my stern guidance will nigh on double at some point very soon…

I need a team. Give me a team.

Comments
  • Unpaid interns to the rescue 😅
  • @CoreFusionX Bad CoreFusionX, bad!

    @100110111

    You especially need people who have a knack for details and diligence.

    Death by a thousand needles should be the credo.

    Start with small things which accumulate over time.

    Dunno which language you program in or what kind of security we're talking about, but the simplest stuff is usually golden.

    E.g. proper inventorisation and documentation of ACLs (realising IPs change and need to be updated), things like static analysis, etc.

    The smaller the better. The best things are ones *all* devs can do on their own with a bit of documentation, e.g. proper validation of file paths and stuff like that.