How do you ensure that security protocols and practices don't hamper the developer experience?

2.4k views5 Comments

Sort by:

Chief Information Security Officer in Software2 years ago

Balancing security protocols with a seamless developer experience is crucial. I prefer to prioritize embedding security into the development process from the outset, ensuring that tools and practices are intuitive and integrated. Continuous feedback loops with our developers allow us to refine and optimize. By doing so, we aim to be the 'light on the hill'—setting an example for how security can enhance, rather than hinder, the development process. This collaborative approach ensures both robust security and a streamlined development experience.

CISO2 years ago

Adopt and encourage a secure by design culture across development teams, enable development teams to be able to incorporate security tools as part of their CI/CD pipelines. Create collaboration and ensure open communication between development and security teams. Feedback loops!

Chief Information Technology Officer in IT Services2 years ago

we try yo integrate security seamlessly into the DevOps pipeline, provide user-friendly tools with real-time feedback, and foster open communication between developers and security our teams for continuous improvement and collaboration.

CEO in Software2 years ago

I don't know if you can "ensure" that security won't hamper developer experience, but it is a worth goal. I think similar to what Hernan Garcia posted, the best way (sounds counter intuitive) is to have security be part of early architecture and RTP process. When you build it first and then ask for security to help "fix" it, the long term impact on developers, at least in my experience, is worse.

CTO in Transportation2 years ago

They should be part of the development workflow and, if possible, integrate the checks on your CI pipeline to get fast feedback when broken. Similar to automated tests, they should be understood as a tool that helps the team to create and deliver better software.

Content you might like

Has anyone had any success with evaluating the impact of using Generative AI tools such as GitHub's Copilot on the productivity or performance impact on developers? I see a lot of qualitative discussions about how developers say they are more productive, but how are you measuring that impact?

Seeking insights for research universities regarding CMMC 2.0 adoption and compliance. I'm listing our full question set below, but we would welcome insights on any or all of these:

1. What is the anticipated timeline for CMMC 2.0 adoption by the Federal Government? Any insights on the expected rollout and implementation schedule?

2. From a Higher Ed CIO perspective, what are the key operational differences between each "level" in CMMC 2.0? Are there any specific challenges or considerations especially for research universities?

3. For a research university, which CMMC level would be the most suitable target? Are there any key dates or deadlines that Higher Eds and researchers should be aware of in their compliance journey?

4. What are the most crucial features or elements of CMMC that universities need to achieve compliance? Any recommendations or best practices?

5. Specifically, are there any requirements in CMMC for 7/24/365 "eyes on glass" network and/or endpoint monitoring? If there is an endpoint requirement, does it extend to all servers and laptops issued by the university, or is it limited to hosts involved in research grants? What is expected to demonstrate compliance in this regard?

6. Apart from CMMC compliance, are there other considerations or or strategies to consider when seeking to qualify for/reduce cyber risk insurance costs?

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

HashiCorp (Terraform, Vault, Packer, etc.)22%

Cloud infra automation (Ansible, Puppet, Chef, etc.)56%

APM (Datadog, AppD, SignalFX, NewRelic, etc.)10%

Others?10%

View Results

Does anyone have recommendations for risk management background services for a large technology consulting company? The employee count is over 20K.

What are your organization’s drivers for implementing RegTech?

Support future growth36%

Automate manual processes59%

Demonstrate compliance49%

Reduce risk exposure43%

Improve customer experience16%

Reduce costs13%