Let’s talk about security in an organization. Most commonly, security review sits at or after the last phase of the software development life cycle (SDLC), where it can make or break the decision to release into production.
Unfortunately, waiting for such decisive feedback until after something has been built frequently means changing it after it has already been marked ‘complete’, which is costly and inefficient: a design flaw found at release time is far more expensive to fix than one caught while the design was still on the whiteboard.
Instead, let’s learn from how we created shorter development cycles – instead of making Big Decisions at the very end, make smaller, iterative decisions throughout the entire journey that are easier to implement or reverse.
One way to do that is by implementing DevSecOps, which adjusts the workflows of development, operations, and security so that security decisions are made on a smaller scale at every phase of the SDLC rather than as one gate at the end.
As with development and operations, even with preparation there can still be incidents – in this case, security incidents – so I’ll also be reviewing our 14 Step Secure Incident Response process, including the what and why of each step.