Home

What helps technical professionals take ownership of security?

In the startup world at least, most of the employees have equity in the business. If you are working in an established company, you are looking at your salary, bonus, and other perks. But in a startup environment, you are dreaming big and sacrificing early on in terms of your compensation, etc. That means you need to have the fundamental thinking that you are part owner there, and therefore you cannot give up.

19 views
2 comments
0 upvotes
Related Tags
Anonymous Author
In the startup world at least, most of the employees have equity in the business. If you are working in an established company, you are looking at your salary, bonus, and other perks. But in a startup environment, you are dreaming big and sacrificing early on in terms of your compensation, etc. That means you need to have the fundamental thinking that you are part owner there, and therefore you cannot give up.
2 upvotes
Anonymous Author
I wear many different hats in our organization—developer, architect, and engineer—so I have two perspectives. There's ownership from a security perspective, when you're working in the security organization: it's my duty to fix this, or remediate this, or help these people do this from a technical aspect. What can I learn to help these people and guide them? Because there's the old saying: give a man a fish and he eats dinner; teach a man to fish, and he's never hungry the rest of his life. When you can teach those developers or architects something fundamentally secure, it gradually and exponentially goes on down the line. Coming from that, the perspective of the technical person is that building in security means I don't have to go back and redo my work. A lot of people don't like doing that. So, when I'm building something, I try to make sure I cover every perspective. And if this is something that could be repeatable, I create a process to make sure that it's repeatable in the future. Provide some kind of foundational process or step-by-step guide. It comes down to: what work am I producing and how does it help keep the company secure?
2 upvotes