How Amazon CISO Amy Herzog responds to cybersecurity challenges
- by nlqip
First, “we take a working backwards approach to product development. This means that we start by understanding our customers’ needs and build our products around them. From design time forward, our security and product teams work together to ensure our products meet our customers’ expectations for security.”
The next step is to sit with the scientists and brainstorm their priorities to figure out who does which part of the protection. “Part of our mantra is that we bring in security specialists early in this process, so that they are part of the design and product teams and are very much collaborative partners, instead of addressing security later on in the development process,” Herzog tells CSO.
That last approach, addressing security late in the development process, is sadly all too typical at many other companies, and it puts security at odds with product development. “This means a security review is doing code scanning to find and fix stuff at the last minute,” she said. “Instead, we do scans throughout the coding lifecycle. While it is harder to do this, it provides a positive feedback loop and produces better and faster results and has the added benefit of having the security team feeling part of the development process as just another builder,” rather than some control point that could set up a more adversarial position. “Our goal is to engage early and often with the product team.” Call it the Chicago voting style of security management.