Application Security/Software Assurance
Security Congress Abstract
The information security profession needs to change in order to stay relevant in today's technology space. This is a cultural and organizational shift to put security into DevOps . We need to change the "mine, mine, mine" paradigm, which hampers organizational productivity. Teams form during crisis, but we can’t continue to work in crisis mode, with information security becoming involved in the last stages of a project while still held accountable for secure delivery. Info security needs to empower the rest of technology, through training and education, and shared responsibility for security. If everyone is responsible for security, we must also relinquish some of our authority. Empowerment means accountability and a shared commitment to excellence, and ensures that security is built into the process.