Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@CoreFusionX Bad CoreFusionX, bad!
@100110111
Especially you need people who have a knack for details and diligence.
Death by a thousand needles should be the credo.
Start with small things which accumulate over time.
Dunno which language you program in or what kind of security we're talking about, but the simplest stuff is usually golden.
E.g. proper inventarisation and documentation of ACLs (realizing IPs change and need to be updated)… things like static analysis ... Etc.
The smaller the better. Best things *all* devs can do by their own with a bit of
documentation, e.g. proper validation of file paths and stuff like that.
Okay so, I’ve recently started going through our products’ security postures and their teams’ related practices and processes. I knew things were in a bad state, but I have to admit I’m a bit anxious at how bad things are… and it’s not like nobody cared or anything, quite the opposite; the teams are quite motivated about cyber sec. It’s just that they don’t know what the fuck to do and where to start even if they did.
Okay, that’s my job to figure out the roadmap to improving their security posture and processes and help them implement it. If it wasn’t bad enough that there’s half a dozen products whose cyber sec roadmaps I need to prioritise and manage somehow, I heard this week that due to some organisational rearrangements, the number of products under my stern guidance will nigh on double at some point very soon…
I need a team. Give me a team.
rant
can of worms
overwhelmed devs
cybersec