Chapter 17. How to Assess Security Mindset in Application Design

Anuj Parekh

We all want our applications and organizations to be secure. We define processes and deploy tools to secure them, but we sometimes overlook the most important aspect of application security: building a security-focused mindset in the individuals and teams of an organization.

We often hear that security is everyone's responsibility, and that is true. Raising the security culture and building a security mindset within the product and engineering teams is more effective than adding more tools or gates to the process. When those teams become the security champions protecting applications and data, that is what a successful application security program looks like.

You can assess your organization's security mindset from multiple angles. The following sample questions may guide that assessment and even help you build the security mindset in your product, engineering, and data groups.

Data exposure and minimization

What type and severity of data exposure would result if the application, its data, or user accounts were compromised?

Are we doing everything we can to minimize data exposure (especially of sensitive data such as personally identifiable information), and is the product design taking privacy by ...
