Page 71 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018

Cyber defenders should be part of development teams and collaborate daily with developers. In the end,
we all have the same goal: to deliver secure software features fast. In organizations where
development teams use Scrum, security professionals should be active participants in
sprint planning, backlog refinement, and sprint retrospectives.



Consumable security services and APIs:
We should embrace automation and APIs as much as possible. Security should be self-service and part
of the process. Developers should be able to scan their code and address common vulnerabilities
(the OWASP Top 10) on their own. Furthermore, cyber defenders should empower developers by embracing
security as code and providing them with libraries, SDKs, and code snippets that have security
built in.
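As an added illustration of a self-service check a security team could hand to developers (this is example code written for this page, not a tool from the article or any established scanner), the following Python linter walks a module's syntax tree and flags two injection patterns: a SQL statement built at runtime and passed to cursor.execute(), and a subprocess call made with shell=True. The rule identifiers, function names and the sample source being scanned are all constructed for the example.

```python
"""
Self-service injection check, as an added example (not from the article).
Rule IDs (SQLI-001, CMDI-001), helper names and the SAMPLE source below are
constructed for this example and do not come from any real tool.
"""
import ast
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    rule: str
    line: int
    message: str


def _is_string_built_dynamically(node: ast.AST) -> bool:
    # f-strings, %-formatting, .format() and + concatenation all assemble the
    # string from values we cannot see statically, which is how injection starts.
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True
    return False


def _called_name(node: ast.Call) -> str:
    # Return the bare name of what is being called: execute, run, Popen, ...
    if isinstance(node.func, ast.Attribute):
        return node.func.attr
    if isinstance(node.func, ast.Name):
        return node.func.id
    return ""


class _Visitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _called_name(node)
        # SQLI-001: execute()/executemany() whose first argument is built at runtime.
        if (name in ("execute", "executemany") and node.args
                and _is_string_built_dynamically(node.args[0])):
            self.findings.append(Finding(
                "SQLI-001", node.lineno,
                "SQL statement built by string formatting; use a parameterised query"))
        # CMDI-001: a subprocess-style call invoked with shell=True.
        if name in ("run", "call", "Popen", "check_output", "check_call"):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append(Finding(
                        "CMDI-001", node.lineno,
                        "subprocess invoked with shell=True; pass an argument list instead"))
        self.generic_visit(node)


def scan_source(source: str) -> List[Finding]:
    """Parse Python source and return findings ordered by line number."""
    visitor = _Visitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample module: two vulnerable calls, each beside its safe form.
SAMPLE = '''
import subprocess
def lookup(cursor, user_id):
    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")       # flagged
    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))   # ok
def ping(host):
    subprocess.run("ping -c 1 " + host, shell=True)                   # flagged
    subprocess.run(["ping", "-c", "1", host])                         # ok
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(f"{finding.rule} line {finding.line}: {finding.message}")
```

Run against the constructed sample, the scan reports SQLI-001 on line 4 and CMDI-001 on line 7 and says nothing about the parameterised query or the argument-list form. A check this small can be wired into a pre-commit hook or a CI job so developers get the result before a security reviewer ever sees the code; the point is the delivery model, not the completeness of the rules.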


            Business driven security scores:
            Security metrics must be tightly coupled with business objectives. The main objective of security is to
            enable the business to operate fast and securely. Security professionals should ensure that security
            priorities are closely aligned with business priorities.

Red & blue team exploit testing:
Cyber defenders should constantly find, test, and exploit vulnerabilities rather than rely on
scanner results that may or may not be accurate. Reducing false positives would greatly increase our credibility
and help us shape software development practices.

24x7 proactive security monitoring:
Threat actors do not sleep; they are constantly probing our networks and applications for a way in. We must
partner with development and operations to make sure that we are monitoring the right things. Security
teams should adopt Site Reliability Engineering (SRE) practices and techniques.


Shared threat intelligence:
We need to start sharing threat intelligence with our development and operations teams. One of the best
ways to do this is through threat modeling. Conducting threat modeling sessions with development and
operations teams is one of the easiest and most effective ways to engage them and build a working
relationship.

Compliance operations:
Security is more than just meeting compliance; nevertheless, compliance is very important. We need to
leverage automation to arrive at a point where compliance is self-service and part of the
continuous integration and continuous delivery (CI/CD) pipeline. Auditors and government regulators should not
have to ask for evidence; instead they should be granted access to a system where this information is
generated automatically. Moreover, we must be able to test for compliance at all times.
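One way to make compliance both continuously testable and self-documenting, as an added example written for this page (not code from the article): each control is a small function over the service's deployed configuration, the pipeline runs the whole suite on every change, and the output is an evidence record tied to a hash of the exact configuration it evaluated. The control identifiers, the configuration keys and the sample configuration are constructed for the example and do not map to any particular standard or regulation.

```python
"""
Compliance-as-code, as an added example (not from the article).
Control IDs (CC-01 ... CC-04), configuration keys and SAMPLE_CONFIG are
constructed for this example and do not correspond to any real framework.
"""
import hashlib
import json
from datetime import datetime, timezone
from typing import Callable, Dict, List, Tuple

Config = Dict[str, object]
Control = Tuple[str, str, Callable[[Config], bool]]


def tls_version_ok(cfg: Config) -> bool:
    # Anything older than TLS 1.2 fails the control.
    return float(str(cfg.get("tls_min_version", "0"))) >= 1.2


def encryption_at_rest(cfg: Config) -> bool:
    return cfg.get("storage_encrypted") is True


def audit_logging(cfg: Config) -> bool:
    # Logging must be on and retained long enough to support an investigation.
    return (cfg.get("audit_log_enabled") is True
            and int(str(cfg.get("log_retention_days", 0))) >= 90)


def admin_mfa(cfg: Config) -> bool:
    return cfg.get("admin_mfa_required") is True


CONTROLS: List[Control] = [
    ("CC-01", "Transport encryption uses TLS 1.2 or higher", tls_version_ok),
    ("CC-02", "Data stores are encrypted at rest", encryption_at_rest),
    ("CC-03", "Audit logging enabled and retained at least 90 days", audit_logging),
    ("CC-04", "Administrative access requires MFA", admin_mfa),
]


def evaluate(cfg: Config, controls: List[Control] = CONTROLS) -> Dict[str, object]:
    """Run every control; the returned record is the evidence an auditor would be given."""
    results = [
        {"id": control_id, "description": description, "passed": bool(check(cfg))}
        for control_id, description, check in controls
    ]
    snapshot = json.dumps(cfg, sort_keys=True)
    return {
        "evaluated_at": datetime.now(timezone.utc).isoformat(),
        # Hash of the exact configuration evaluated, so evidence is bound to one state.
        "config_sha256": hashlib.sha256(snapshot.encode()).hexdigest(),
        "results": results,
        "compliant": all(r["passed"] for r in results),
    }


def failed_controls(evidence: Dict[str, object]) -> List[str]:
    """Control IDs that failed, for the pipeline log and the gate decision."""
    return [r["id"] for r in evidence["results"] if not r["passed"]]


# Constructed sample: a service configuration as a deployment pipeline might export it.
SAMPLE_CONFIG: Config = {
    "tls_min_version": "1.2",
    "storage_encrypted": True,
    "audit_log_enabled": True,
    "log_retention_days": 30,
    "admin_mfa_required": False,
}

if __name__ == "__main__":
    evidence = evaluate(SAMPLE_CONFIG)
    print(json.dumps(evidence, indent=2))
    # Pipeline gate: a non-zero exit stops the deploy when any control fails.
    raise SystemExit(0 if evidence["compliant"] else 1)
```

On the constructed sample the record shows CC-03 and CC-04 failing (retention is 30 days, admin MFA is off) and the gate exits non-zero. Because the same function runs on every pipeline execution and the evidence carries a timestamp and a hash of the evaluated configuration, the audit question changes from "send us a screenshot" to "here is the store of evaluation records".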






