Chapter 7. Be an Awesome Sidekick
Daniel Ting
Imagine you have a horrible flu and visit the doctor for immediate relief. Instead of prescribing medicine, the doctor starts discussing weight loss. That might help prevent future health issues, but it does nothing for the flu symptoms you have right now.
Or, what if the doctor tells you to wear a hazmat suit so you won’t get the flu again? It would improve your safety and security from the flu. Yet would you do it? Probably not. Why? It’s impractical.
How would you feel about that experience? I’d feel upset that my priorities were ignored and that the prevention advice was impractical. I’d never return to that doctor. I’d look for a doctor who is empathetic and understands my priorities.
Similarly, dev and business teams need to be supported with empathy and an understanding of priorities. Our ability to do this as AppSec professionals makes us indispensable sidekicks. The dev and business teams as a whole are the heroes here; we play the essential role of supporting them in making informed decisions and minimizing harm. To be an awesome sidekick, there are three things we need to remember for success. Let’s unpack them.
It’s About Them, Not You.
AppSec is a support role. It does not exist without an application to secure. Although risky and concerning, developers can still build applications without security. Understanding this puts ...