What makes a good security program? A program that 'connects'
In the past few days someone asked me how to pass an interview for an intern position. Then I started to wonder what the best answer would look like. It turns out that when you're connected to the interviewer, you're doing well. If you have the skills for the job, they'll strengthen your connection with the interviewer, and the synergy that comes from this connection will define whether you pass or not. That was my answer.
But if you think more deeply, you'll notice that this connection can be applied everywhere. It's the secret of everything that goes well.
Let's analyze more scenarios. What makes a good marriage? A marriage in which the partners are connected. A marriage where partners feel extremely good whenever they are near each other. The stronger the connection, the better the marriage. On the other hand, whenever the connection is weak, it tends to break.
Across these examples, what changes with the context is the set of factors that strengthen or weaken the connection. Information security is no different. What makes a good security program? A program that connects. Connects to what? To what it needs to protect.
When it comes to software development, a good security program is one that is closely tied to each phase of software development. This is why we see many approaches to securing software, such as OpenSAMM and BSIMM, that add security to each layer.
So when you want to succeed at something, put the connection first and try to figure out how to strengthen it. This synchronism is the key, and it will surely help you when designing something that needs to thrive.
That's all folks :)