Security is a topic we all think about, in the tech world and beyond. But what do we do about a subject which is so relevant in today’s world?
Secure development, security by design, coding securely. The questions are,
“can we bring security in our daily development activities and how, to what extend are secure development practices put in place and how do they reinforce our initiatives, and how can we get value from building security in versus trying to bolt it on later?”
We asked a few questions about this hot topic to our guest speaker Nicolas Lymbouris, Senior Advisor, Base Cyber Security, during a Codemotion Meetup in Rotterdam. Here is what he said to us.
Q: What are the most frequent threats related to cybersecurity and what kind of measure do you put in place to face them? What are the challenges that nowadays cyber security industry has to face?
A: The challenges are growing every day as everything nowadays is interconnected and the threat vectors are multiplying: It’s not just a business computer and a network; it’s our mobile devices, our cars, the web and mobile apps we use daily, public and private infrastructure we are connected to, storing our personal data or using for our energy needs. Even every day home items, with the IoT growing fast; so staying on top of intrusions, is becoming an increasingly difficult job.
Technology to monitor, defend and deter such threats is developed and bettered every day. Lots of investments and resources are put in this. But this alone is not enough.
The biggest challenge the cyber security industry is facing right now is the increasing gap of information security skills. This is what Base Cyber Security is focusing on and helping with daily. We need people that can understand these threats, that can use the technology at hand and improve it, that can keep networks and applications safe. As important, we need specialists that can also think and work like intruders, to test systems and infrastructure, be the ethical hackers to bring out vulnerabilities for things to be fixed and improved. Same goes with policies and processes, as the weakest link for security breaches is usually the human factor.
And of course an impactful area is designing securely from the beginning. Helping the people that make things, the developers, get security related skills, is crucial: in that way, we can assure the products they build be more secure by design.
Q: Nations have spent time and money building up military force to protect themselves, but the biggest threat to national security these days seems to come from a computer. Do you agree? Are we really passing from Cold War to Cyber War as someone says?
A: Definitely Cyber Warfare is already a thing of the present. Most of the developed countries have been growing their cyber capabilities for many years, and a lot are putting them in good use already. Not just for traditional wars but also the fight against terrorism; and better protection of their citizen against criminal acts. Where the elections of the most powerful country in the world are affected, directly or indirectly by cyber activities then yes, we’ve already entered an area where cyber warfare is not just used on the battlefield to determine things that affect all of us. The world as we know it is changing faster every day, and cyber security is going to be addressed at government, corporate and individual / personal level.
Q: The security experts and the developers are two different roles that should work together but the collaboration is not always easy. How do you think a bridge between these two worlds can be built?
A: When developers think securely and use best practices including security from the first line of code, they can not just make great, functional, easy to use products but secure ones as well. Developers should want to make secure things!
When security experts understand the developers mission, what they have to achieve and how they do it, they can better work together to get secure development practices in place and be sure that the great products that are created are also secure. A lot of the best security professionals do have a development background, or have worked with and supported development teams before.
Security will also become not just a requirement, but actually a value add to products developed. And is to everyone’s benefit to make things more secure. Something that touches upon all of us, is privacy, our information and data we use in our personal lives, so we can all relate to what it means to be breached.
Hackers are always evolving and finding new ways to break things and into networks and systems, developers and security professionals need to be each other’s best partner, bring their skills and expertise together to make this digital world we live in a better place. That’s why events like this one, bringing Security + Development specialists together are so impactful and important.
Are you interested in #Security? Then check #Security Track at Codemotion Amsterdam!Back to news list