Five essential steps to shift security left (Episode IV)
Building an undefeated, undisputed security champion
The modern developer is adept in a wide variety of ways, from speaking a foreign language (Java) to understanding software design patterns and more. Despite their penchant for being something of a renaissance man/woman, secure coding isn’t typically a core competency they are trained in. However, adding this skill to their tool belt is wise, as it helps make them as formidable as a certain caped crusader who favors the color black.
It’s not just developers who benefit from security training, though. One of the primary tenets of DevSecOps is that security is the responsibility of the entire organization. Ideally, a culture is created within the company that is built on openness and ongoing learning. The silo approach to software development is one of the few retro things that was NEVER cool. Without trust and cooperation amongst the various teams, security often becomes shoddy and reactive.
Because there is a scarcity of qualified security professionals, an organization can find it challenging to make the jump from DevOps to DevSecOps. This is where shrewd organizations identify individuals within the Dev and Ops groups who understand security. These individuals serve as the catalyst for security infusion and become your champions in evangelizing DevSecOps throughout the org chart.
In Step Four of 5 Essential Steps to Shift Security Left, Chris Wysopal, CTO and Co-Founder at Veracode, elaborates further on why establishing security champions within an organization is a critical step in a shift left culture. Check out the video to learn more!