Building a Security Program with Developers in Mind

I caught up recently with Justus Post, Principal Cyber Security Architect at Bose. Justus is a prime example of why developers make great security pros. After all, if you understand how something is built, you’ll be able to secure it. 

Justus developed an interest in technology (and more importantly, an interest in breaking technology) as a kid just trying to get free long-distance calls. Now, he has a career in security.

Top 3 Takeaways

Make Learning Relevant to Your Audience

While working for Nike, Justus took part in the company’s first hackathon, which led him into a corporate information security role. He then started leading security-focused lunch-and-learns with developers as the target audience. His advice is to pick a topic that’s relevant to them. There are many topics to choose from, but what will your development team truly care about? If there’s a topic that aligns with what they’re working on or a vulnerability that the team encountered, that’s a good place to start.

Never Underestimate the Power of Security Soft Skills

Justus highly recommends that security professionals flex their soft skills to build strong relationships with developers. If you can build rapport and become a trusted advisor to the developers you work with, it will be much easier to have difficult conversations down the line. 

Secondly, Justus is all about championing your developers. Give them the credit for fixing all those security bugs. Recognize their achievement in reducing hundreds of vulnerabilities to just a few.

Finally, know your audience. Speak to product managers in terms they will relate to: how much time the work will take, which sprint it will fall under, and so on. Apply the same logic for other audiences.

Security is a Continuum

Security can be overwhelming. With tons of tools on the market, it’s hard to figure out which ones make sense for your organization. Justus suggests starting with the tools that you have access to now, like the native security tools available from your cloud service providers. Use these tools to the best of your ability. Once you’ve fully implemented them, you can work on improvements and have a much better idea of what you need when looking for an alternative.

Thank you, Justus, for a great conversation. You can find all available Champions of Security episodes here.
