Welcome to all the new CyberLite readers who’ve joined since the last issue! If you haven’t joined them yet, you can get the most impactful news in cybersecurity delivered to you each week by subscribing here.
This issue isn't a traditional one. I'm away all week and haven't been able to keep up with everything in the news, so instead I've decided to write about why I'm so excited to be working in cybersecurity. Normal programming will resume next week!
When I was applying for security positions as a graduate, I did a lot of video interviews (I can only thank the pandemic for that) and I was reliably asked, again and again, "Why do you want to work in security?" Initially, I'll be honest, my answers left a lot to be desired. But with more time to think, I started to really understand what was driving me, and I finally landed on the key reason why I wanted to start my career in security. Enabling innovation.
Innovation is something that every technologist is passionate about; we want to change things, we want to break things and we want to see progress happen as fast as humanly possible.
Security done incorrectly is a burden to innovation; developers complain about security holding them back and slowing down the implementation of new features. But if security is done right then it can enable innovation and allow it to be done in a safe and sustainable way. I want to enable people to carry out constant innovation, unburdened by security concerns. That's the gold standard for what security can be and I want to be part of realising that.
In a recent issue of Clint Gibler's excellent tl;dr sec newsletter he summarised a presentation given by the former director of Android security; it's a perfect example of how security can enable innovation.
Having your security team focus on minimizing risk is setting your sights too low. The goal of a security org should be to facilitate the types of experiences that weren’t possible until we had achieved that level of risk mitigation.
When I led Android security at Google, we had an incredibly high security bar. Why? We were building an OS, a platform upon which billion-dollar companies like Uber were being built. If we built a fundamentally insecure platform, all of these companies building on top of us would fail. Framing it this way caused us to view Android security very differently internally and helped drive conversations with development teams and product.
The security of the platform you’re building unlocks business potential. This fundamentally changes the conversation with the business: it’s not about minimizing downside, it’s about unlocking upside.
Historically, different product groups and parts of the business meet at the table and come with the promise of “unlocking upside” and “unlimited potential,” while security shows up talking about “minimizing downside.” That’s why security hasn’t had a seat at the table. But no longer - building secure platforms can unlock massive business upside. Link.
I hope that’s provided some inspiration for those of you looking towards a career in security. If you’re asked “why do you want to work in security?”, maybe this can help you find your answer.
Security can't be considered a barrier to speed. Remember, cars have brakes so they can go fast! We need to ensure software can develop quickly too, protected by application security and not hindered by it. Link.
🎁 Wrapping Up
Thanks for reading, I’ll catch you next week!