I caught up recently with Justus Post, Principal Cyber Security Architect at Bose. Justus is a prime example of why developers make great security pros. After all, if you understand how something is built, you’ll be able to secure it.
Justus developed an interest in technology (and more importantly, an interest in breaking technology) as a kid just trying to get free long-distance calls. Now, he has a career in security.
Top 3 Takeaways
Make Learning Relevant to Your Audience
While working for Nike, Justus took part in the company’s first hackathon, which led him into a corporate information security role. He then started leading security-focused lunch-and-learns with developers as the target audience. His advice is to pick a topic that’s relevant to them. There are so many topics to choose from, but what will your development team truly care about? If there’s a topic that aligns with what they’re working on or a vulnerability that the team encountered, that’s a good place to start.
Never Underestimate the Power of Security Soft Skills
Justus highly recommends that security professionals flex their soft skills to build strong relationships with developers. If you can build rapport and become a trusted advisor to the developers you work with, it will be much easier to have difficult conversations down the line.
Secondly, Justus is all about championing your developers. Give them the credit for fixing all those security bugs. Recognize their achievements in reducing hundreds of vulnerabilities to just a few.
Finally, know your audience. Speak to product managers in terms they will relate to – how much time it will take, which sprint it will fall under, etc. Apply the same logic for other audiences.
Security is a Continuum
Security can be overwhelming. With tons of tools on the market, it’s hard to figure out which tools make sense for your organization. Justus suggests starting with the tools that you have access to now, like the native security tools available from your cloud service providers. Use these tools to the best of your ability. Once you’ve fully implemented them, you can work on improvements and have a much better idea of what you need when looking for an alternative.
Thank you, Justus, for a great conversation. You can find all available Champions of Security episodes here.