How do you go about convincing your leadership/board to increase investment in security specifically for web apps? What's been effective, in your experience, for communicating why web application security is important?

Security & GRC Security Strategy & Roadmap

1.8k views2 Comments

Sort by:

Senior Director of Engineering in Software2 years ago

I would gather data regarding data breaches, ransomware, reputation damage, etc from companies that were targeted in the past by hackers.
I think that with data all conversations get easier and you can frame the urgency / importancy of the topic in the most effective way.

Senior Director Of Technology in Software2 years ago

Our webapp is using for online booking so it's critical forums to secure it. We have implement d WAF but still we wanted to implement more measures. Got the devops team working on it and now all external exposed endpoints are secured via slik.

Content you might like

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

If you were in the market to address ITSM, Identity Management, Patch & Release Management, and Endpoint Security for a mid-sized company, would you:

A) go with a one-stop-shop if such a solution existed?76%

B) best of breed24%

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Is Zero Trust a genuine strategy in cyber security or purely a marketing gimmick?

Genuine strategy in cybersecurity.57%

Purely a marketing gimmick.34%

Unsure.7%

View Results

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?