Talk: Proactive Security, less buzzword, more action
How to implement proactive security controls.
Security is becoming an increasingly visible and large concern for both businesses and consumers. Often that increasing profile comes with additional management support and funding, but that can also come with ill-informed assumptions or ineffective focus when the motivation to improve security occurs in a vacuum without accompanying expertise.
While it is easy to point to high-profile topics like penetration testing, red teaming or other adversarial approaches, those programs often have little to offer in terms of direct guidance to the daily efforts of the development teams actually responsible for the creation of code and company products.
To make a lasting impact and increase the overall resilience and robustness of a company in the face of the modern threat landscape, proactive security controls are a far more valuable investment and focus for employers.
But that implementation itself contains significant challenges and obstacles, all of which must be acknowledged and handled with care and thoroughness, to ensure that controls are placed in such a way as to enable and empower their users and be firmly aligned with both their natural way of working and business needs. Often this will involve a greater emphasis on assessment and analysis, to find natural points of improvement and high impact and to maximize return while minimizing risk on a case-by-case basis, rather than following a blind checklist of rigid best practices.