One of the (many) challenges that attracted me to a role within Information Security was finding a way to better integrate and align the benefits of amazing products with amazing information security. Now, 'amazing' security need not require multi-million-dollar appliance-level technology or investment, but it should sit close to the edge of the trail-blazing curve from both an AppSec and an InfoSec standpoint, through practices, culture and attitude.

What do I mean? Well, right now I'm not 100% certain, hence this blog post (I'm looking for ideas and validation/criticism), but here's the concept: What if Security itself became a 'Product' for the business, much like any other it produces? Or perhaps (though I am shying away from the idea for a few reasons I'll explain) a set of features/requirements that are baked into every product we release?

Sure, best practices and ISMS frameworks mandate/dictate what 'best practices'
A career in Marketing, Technology, Information Security and Managed Services. Thoughts. Discoveries. Questions. Open sourced and candid. All views are my own.