Episode 66: The DevSec Divide: Breaking Down Barriers for Better Security

In this episode, Spencer and Darrius discuss a divide commonly found at companies between the security team and the development teams. Both teams are ultimately trying to benefit the company, and by working together both are able to succeed.

Darius Robinson is the guest speaker
– The episode will discuss the divide between security teams, developers, and leadership in the context of DevSecOps and development security

Divide between development teams and security teams
– Developers are seen as the “golden children” contributing to the company’s success
– Security teams are often overlooked and can struggle to get traction
– Misunderstandings between the two teams can lead to serious consequences and compromises

Challenges on the development side
– Developers face increasing complexity and faster turnarounds in a competitive market
– Focus on functionality rather than security in coding boot camps

DevOps and its impact
– Developers are working closely with the operations and infrastructure team
– This collaboration leads to better integration and communication

Challenges on the security side
– Security teams are not always involved from the beginning of development
– Lack of development skills among security professionals

Legacy code and frameworks
– Challenges when developers work with old code bases
– Options include rewriting or reworking parts of the code

Shifting left and integrating security
– Bringing security into the software development life cycle early on
– Designing and implementing security from the start
– DevSecOps tooling in the pipeline that catches vulnerabilities while the code is being written and integrated, rather than after release

Best coding practices for security
– Importance of secure coding practices for the entire organization, not just developers
– Overlooking security can lead to breaches and leaked credentials
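As an added illustration of the two points above (catching problems in the pipeline, and leaked credentials being a common cost of overlooking security), here is a minimal secret scanner of the kind a DevSecOps pipeline runs on every change as a pre-commit hook or CI step. This is example code written for this summary, not code from the episode or its guests; the sample diff, the regex names and the entropy threshold are constructed assumptions, and only the AWS access key id format is a publicly documented pattern.

```python
"""Added example, not from the episode: a minimal secret scanner of the kind a
DevSecOps pipeline runs on every change (pre-commit hook or CI step), so a
credential pasted into code is caught before it reaches the repository.
The sample diff, rule names and threshold are constructed for illustration."""
import math
import re
import sys
from collections import Counter

# Credential formats worth failing a build on. The AWS access key id format
# is publicly documented; the other two are illustrative regexes (assumptions).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"\s]{8,})['\"]"
    ),
}
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")   # candidates for the entropy check
ENTROPY_THRESHOLD = 4.0                             # bits per char; tune per code base


def shannon_entropy(s: str) -> float:
    """Bits per character of s; random-looking tokens (keys, salts) score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_added_lines(diff: str, threshold: float = ENTROPY_THRESHOLD):
    """Scan only the lines a unified diff adds. Returns [(diff_line_no, rule, match)]."""
    findings = []
    for lineno, line in enumerate(diff.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue                      # skip context, removals and file headers
        text = line[1:]
        matched = []
        for rule, pat in PATTERNS.items():
            m = pat.search(text)
            if m:
                matched.append(m.group(0))
                findings.append((lineno, rule, m.group(0)))
        # Fallback for formats no regex knows about: long, high-entropy tokens
        # that were not already reported by a pattern rule.
        for tok in TOKEN_RE.findall(text):
            if shannon_entropy(tok) >= threshold and not any(tok in v for v in matched):
                findings.append((lineno, "high_entropy", tok))
    return findings


# Constructed sample: what `git diff --cached` might show for a commit that
# replaces environment lookups with hard-coded values.
SAMPLE_DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter2-is-not-enough"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SIGNING_SALT = "aB3dE5fG7hI9jK1lM2nO4pQ6rS8tU0vW"
+API_TOKEN = os.environ.get("API_TOKEN")
"""


def main(diff: str = SAMPLE_DIFF) -> int:
    """Pipeline gate: print findings and return 1 (fail the commit/build) if any."""
    findings = scan_added_lines(diff)
    for lineno, rule, match in findings:
        print(f"diff line {lineno}: {rule}: {match}")
    return 1 if findings else 0


if __name__ == "__main__":
    # Usage: git diff --cached | python scan_secrets.py   (or run with no input for the sample)
    sys.exit(main(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF))
```

Run against the sample, the hard-coded password, the AWS access key id and the random-looking salt are reported and the process exits non-zero, while the line that still reads from the environment passes. Scanning only added lines keeps the check fast enough to run on every commit, which is the point of shifting left: the developer sees the finding in their own terminal or CI log minutes after writing it, instead of the security team finding the credential in a breach report later.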

Improving the relationship between teams
– Importance of team building and fostering relationships beyond work
– Security teams should avoid being seen as the ones always saying no and focus on facilitating production

Communication skills for security practitioners
– Pen testers and security professionals should improve their communication skills
– Translate technical findings into risk and effectively communicate with stakeholders

