Technology
The Purple Book Community
Home of the world's top software security leaders and practitioners
Regardless of what type of business you champion security for, you are sure to find yourself balancing the cardinal forces of information security:
1. Technology innovation
2. Competitive pressure
3. Uncertainty about the future
4. Regulatory pressure
5. Cyber threats
How you effect security under those forces will depend on your organization's degree of digital transformation. With startups or digitally nascent businesses, small wins for compliance might be the only way to carve out a semblance of security posture at first. In the case of larger or tech-forward organizations, differing tech stacks, coding practices, and/or CI/CD maturity levels create a greater imperative to be thorough in your approach.
Either way, disruptive initiatives can come at a human cost if you don't have a strong security culture in place. If that's the case, to take an organization's security plan from zero to one, it's imperative to first position yourself as a partner rather than a consultant. Build trust (e.g. aligning parts of the security story with current business priorities), and maintain it (e.g. handling defects methodically to avoid false positive fatigue).
Having established confidence with other teams, you'll find yourself better able to apply best practices: examining your CI/CD pipeline for greater visibility, building your company-wide platform with enforceable security guard rails, ensuring access control to source code, and so on. Just remember:
Security is a business problem and a business-enabling function.
If security isn't happening at the speed of business, adapt. This is where the woes of ubiquitous tech can be solved with, well, more tech. Machine learning, workflow and patch management automation, and open source security tools, as well as an AppSecOps platform, can save the day.
Technology will not solve all of your security problems, but it will solve many of them. [...] The intelligent use of technology is truly the key to creating and sustaining a successful security program.
With a technology-first mindset, Chapter 5 of The Purple Book investigates the security outlook of businesses at various stages of digital transformation, with valuable practical advice from Snap Finance CSO Upendra Mardikar.
Don't see your topic covered? Join the Coauthors of The Purple Book and lend the world your expertise: thepurplebook.club/contribute-content
Founder & CEO at ArmorCode Inc. (Hiring!)
2 years ago: Great insights shared by Upendra Mardikar!!