Out-Siloing Security and Development to Mitigate Cyber Risk
Harness Field CTO on Why Security Must Be Part of Development, Not Post-Production
DevOps is a fascinating software engineering trend that makes digital transformation possible. But if it takes a long time to remediate a security issue, the process of software development slows down dramatically.
The problem lately is that security and development are treated as two disparate processes, said Nick Durkin, field CTO and vice president of field engineering at Harness.
"We've got people dealing with security issues after the fact - once it's in production. We're not actually making it part of the pipeline. Not shifting the workload left but shifting the information left and giving it to engineers when it matters allows us to start making sure that it's easy for people to do the right thing, and it's really hard for them to do the wrong thing," he said.
In this video interview with Information Security Media Group at RSA Conference 2023, Durkin also discusses:
- What it means to shift information left and how it affects security;
- How application development efficiency can be optimized by user organizations;
- Modern ways to enable more efficient workflows for developers.
Durkin previously served in technical and executive roles at OverOps, DataTorrent and Early Warning. He was lead architect on the Department of Homeland Security's FIVICS initiative and has patented multiple anti-fraud technologies currently used by financial institutions.