Page 126 - Cyber Defense eMagazine January 2023

activities like threat modeling, application design, and what’s in the software supply chain to integrate security across every aspect of development.

(2) Continuous

Secure coding training must be a continuous and evolving journey. It should never be a check-box, one-and-done exercise. To keep security front of mind, it is crucial to keep building on that knowledge and to stay aware of the ever-changing issues in the market.

(3) Rewarded

Organizations should offer incentives or rewards to those who consistently apply security best practices in their day-to-day work. Security champions engage others and organically influence change. By measuring results – like the number of vulnerabilities in code before and after training programs – and recognizing success, it is also far easier to get buy-in from stakeholders and justify the investment in secure coding education to the decision-makers.




Looking ahead

Innovation and security can be integrated into the SDLC once we recognize that they are not two aspects of development at odds with each other. The mindset that they are needs to change, especially in an era where new critical vulnerabilities are revealed weekly and cybercriminals are becoming increasingly sophisticated. Staying one step ahead requires a commitment to application security education. This isn’t a one-off but a career-long journey we need to kick-start today.





About the Author

Amy Baker is a Security Education Evangelist at Security Journey. Over her 30-year career, Amy has more than 10 years of experience driving the mission of improving security knowledge for employees in all roles. Her current responsibility is dedicated to improving security knowledge for everyone in the software development life cycle, with a specific focus on developers. Her experience started as a leader at Wombat Security and Proofpoint (post acquisition in 2018). She has spoken at various infosec conferences and webinars, such as Gartner, SecureWorld, and ISSA, about best practices in managing security training programs. Amy can be reached online via our company website https://www.securityjourney.com/











Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.