Hacker News
by Stefan-H 31 days ago
"We don't have a dedicated security team because security and privacy are integral to all aspects of our service".

Do you have people whose role is explicitly security? Who are the security SMEs in your organization if not? I personally find the "Security is so important to us that we don't have a team dedicated to it" argument weak, and it often results in misaligned incentives - if individuals have to alternate hats from "deliver results" to "properly vet security", the business push to deliver tends to win out. I'd be very curious to hear how you ensure your team doesn't fall into that trap.