In this episode, Spencer and Darrius discuss a common divide found among companies between the Security Team and the development teams. These are two teams that are ultimately trying to benefit the company, and by working together both are able to succeed.
The DevSec Divide: Breaking Down Barriers for Better Security
Introduction
– Darius Robinson is the guest speaker
– The episode will discuss the divide between security teams, developers, and leadership in the context of DevSecOps and development security
Divide between development teams and security teams
– Developers are seen as the “golden children” contributing to the company’s success
– Security teams are often overlooked and can struggle to get traction
– Misunderstandings between the two teams can lead to serious consequences and compromises
Challenges on the development side
– Developers face increasing complexity and faster turnarounds in a competitive market
– Focus on functionality rather than security in coding boot camps
DevOps and its impact
– Developers are working closely with the operations and infrastructure team
– This collaboration leads to better integration and communication
Challenges on the security side
– Security teams are not always involved from the beginning of development
– Lack of development skills among security professionals
Legacy code and frameworks
– Challenges when developers work with old code bases
– Options include rewriting or reworking parts of the code
Shifting left and integrating security
– Bringing security into the software development life cycle early on
– Designing and implementing security from the start
– DevSecOps services that catch vulnerabilities during the process
Best coding practices for security
– Importance of secure coding practices for the entire organization, not just developers
– Overlooking security can lead to breaches and leaked credentials
Improving the relationship between teams
– Importance of team building and fostering relationships beyond work
– Security teams should avoid being seen as the ones always saying no and focus on facilitating production
Communication skills for security practitioners
– Pen testers and security professionals should improve their communication skills
– Translate technical findings into risk and effectively communicate with stakeholders
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com