What makes a good security program? A program that 'connects'
In the past few days, someone asked me how to pass an interview for an intern position. Then I started to wonder what the best answer would look like. It turns out that when you're connected to the interviewer, you're doing well. If you have the skills for the job, it will strengthen your connection with the interviewer, and the synergy that comes from this connection will define whether you pass or not. That was my answer.
But if you think more deeply, you'll notice that this connection could be applied everywhere. It's the secret to everything that goes well.
Let's analyze more scenarios. What makes a good marriage? A marriage where partners are connected. A marriage where partners feel extremely good whenever they are near each other. The stronger the connection, the better the marriage. On the other hand, whenever the connection is weak, it tends to break.
Across these examples, what changes with the context is the set of factors that strengthen or weaken the connection. Information Security is no different. What makes a good security program? A program that connects. Connects to what? To what it needs to protect.
When it comes to software development, a good security program is one that is closely tied to each phase of software development. This is why we see many approaches that secure software by adding security to each layer, such as OpenSAMM and BSIMM.
So when you want to succeed at something, put the connection first and try to figure out how to strengthen this connection. This synchronism is the key and will surely help you when designing something that needs to thrive.
That's all, folks :)