Security leaders, how are you working with your CIO when it comes to ‘secure by design’ strategies/projects? Are you seeing any progress/benefits come out of those efforts yet?
Director of IT in Healthcare and Biotech, a year ago
I happen to wear both hats and it is really a mindset that has to come as part of the work. I view it as part of requirements gathering and it just means we have that in mind from the get go. All 3rd party vendors have a security review from the start and we just incorporate this mindset across the organization.

Chief Technology Officer in Media, a year ago
Yes, there are benefits like enhanced security, cost savings, reduced risk, user trust and reputation.

VP of Strategy and Product Management at Nextgen Clearing in Telecommunication, a year ago
Absolutely. This is a critical part of the relationship and key to our success.

Senior VP & CISO, a year ago
As others mentioned, there are benefits related to cost savings, risk reduction, and improved security. But I think the real value to the CIO is they gain the time back for their team -- no more rework, fire drills, proactive not reactive, etc. By shifting left, the work is done up front and more efficiently.

CIO, a year ago
There are a few comments here related to risk reduction, operational efficiencies, etc. which are all exactly right. The benefits in the big picture are (nearly) indisputable. I think the challenge is how and where to begin - Do we start a 'Secure by Design' project as a separate entity? Do we designate product managers or senior developers as Security Champions? My personal experience is that Secure by Design feels a lot like Six Sigma efforts of years past. Big program offices are expensive and prone to failure. Success here for me has been very tactical, enlisting a key leader or two, or selecting a single prominent to focus on as a win. Then, build on that ground up.