Ask a security professional about infosec challenges, and you’ll get an earful of complaints about everyone else: Users click on bad links and open attachments, developers release buggy code, IT lags in applying software patches, the C-suite doesn’t understand security priorities, and so forth.

But the truth is IT is figuring out how to work with developers, and today, many enterprises are starting to take user training seriously. In fact, security professionals fail to collaborate because they’re too busy pointing out all the things everyone else is doing wrong.

Case in point: Last week, when I was at the RSA Conference in San Francisco, the DeveloperWeek conference was underway nearby. At the latter conference, I could find only one security-related talk on the schedule: Pete Chestna, Veracode’s director of developer engagement, talked about how security was the next opportunity for developers. Veracode also had two workshops at DeveloperWeek on how the company approaches devsecops (the integration of devops and security).

To read this article in full or to leave a comment, please click here

Source: Security