4 Comments
Jul 26Liked by Ross Haleliuk

This is a great take -- I largely agree but I suspect at the same time this is partially due to where the money is. In my experience companies with great software engineering disciplines tend to have higher expectations of their security team, and the security team expect more in kind. Just like in software engineering the most advanced teams/processes/etc tend to be found in the highest-performing organizations, the people tend to stay there too... and salary/benefits tend to be quite different as well. If the process and discipline knowledge is going to bleed out into more security teams in more industries I think there needs to be some external driver to promote this sharing.

Open-sourcing documentation for example is a good thing to do but it doesn't seem to be enough.

Expand full comment
Jul 26Liked by Ross Haleliuk

I’m not trying to be flippant, but is this not already happening? Who hasn’t received this message?

Security practitioners need to meet customers and partners where they are at and many (if not most) have already had to adapt to these ways of working.

Expand full comment