What It Takes to Successfully Embed Security in Engineering

On this week’s episode of Security Nation, we had the pleasure of speaking with Oliver Day, a security professional working for a medium-sized publisher. Prior to working at this publisher, Oliver started a nonprofit providing security services to other nonprofits. He also spent some time working at Rapid7, so we were pleased to have him back with us. Oliver spoke about learning to work with engineering teams on security initiatives, rather than against them.

Here is our recap of the podcast:


Patience and empathy for better organizational buy-in


Oliver took a role that was originally meant to be DevOps, but the organization added security engineering to it because of his background. In the beginning, he spent most of his time observing how the DevOps team worked, and soon began contributing to the code and infrastructure himself. Eventually, the company encountered a security crisis, and he was able to fold the responsibilities of a security advisor into his work as a DevOps team member.


Oliver found that patience and empathy were two main components of implementing a security operations process that worked for the organization over the long-term. As one of his advisors told him, “Every CTO should be a CEO once, so they learn how to sell.” In the same way, security team members should spend time on other teams so they can understand the business needs from another perspective.


In that light, Oliver spent time asking non-judgmental questions about the organization's processes, figuring out which of the processes that opened the organization up to risk had valid business justifications. He worked to gain trust throughout the organization by asking the why …
