The role of security teams in modern organizations has changed dramatically in recent years due to the rapid advancement of technology. The shift began 5-10 years ago, when security departments split off from IT departments, taking a different approach to problem-solving and network security. As a result, security teams have had to become more engineering-focused to keep up with the speed of business.
In the past, security teams would focus on blocking access to production and chasing engineers to ensure they were following security policies. Now, security teams focus on building secure foundations and paved paths that let engineers build applications safely and securely.
Investing in security early is the key to success. When an organization is just starting out, it's important to create protected pathways for engineers to quickly and safely build applications. This includes creating templates, for example a secure PII data store that has the right security configurations, hardening, and monitoring already included, so that developers can immediately start building their application with the right levels of protection. By taking the necessary steps early on, organizations can ensure their data is protected, and their engineers can focus on what they do best: building applications.
To better understand the evolution of security teams, Travis McPeak, CEO & Co-founder at Resourcely, sat down with Caleb Sima, CSO & Security Leader, to discuss the following topics:
- The evolution of security teams
- The concept of security paved roads and secure by construction
- The trade-off between investing in paved roads and other projects
- How to get started building secure paved roads
One of the most important steps to take in any security journey is to focus on stopping the bleeding. This means that organizations should invest in mitigating classes of vulnerabilities, rather than focusing solely on reactive ops work.