What do you hate about your security teams? What do you love about them? I am trying to understand how to make them an effective ally, so it doesn't feel like they are in our way.
TC: 720 #tech
You need to spend a day in each other’s shoes and meet in the middle.
Security teams that don’t write any code often have no empathy for what they are asking dev teams to do.
Dev teams resent anything that slows them down, since they focus on the added friction, and don’t see the broader picture of how their actions at scale increase risk for the business.
The ideal scenario is finding a good trade-off in security vs velocity. Security should work with devs to find a way to be secure with less effort on the part of the devs. Devs should understand the why behind an ask so they can develop their own security expertise, and security can do the same anticipating how what they want to do will impact dev productivity.