Create security culture to boost cyber defences, says Troy Hunt

Security suffers when there is tension between software developers and security professionals, but such tension is common in many organisations, says the world-renowned security blogger and trainer.

Creating a security culture can ease tensions between developers and security professionals and raise an organisation’s cyber defence capability, according to Troy Hunt, Pluralsight author and security expert.

“Security must be top of mind for all technology professionals in an organisation, not just the designated security team,” he told Computer Weekly.

“With a new hack or breach happening almost daily, organisations must develop the skills required to safeguard and manage against security threats by making security the norm rather than the exception.”

But organisations typically struggle to make cyber security front of mind for everyone so that it becomes a pervasive organisational behaviour, said Hunt.

“Even organisations that are security aware enough to be training employees on various related topics do not necessarily know how to make those hard skills part of the organisation’s culture,” he said.

This realisation, he said, led to the development of a course on creating a security-centric culture for Pluralsight, an enterprise technology learning platform company.

The course is aimed at helping technology professionals and management understand how to embed a culture of security in their organisations, said Hunt.

Part of the problem, he said, is that many organisations’ development and security teams tend to work in separate silos.

Typically, development groups build the software before it is passed to the security team, but this creates a divide between these groups.

Developers tend to be scared of the security people, said Hunt, because the security people can stop software projects from going live if any critical security vulnerabilities are identified in the software code.

“As a result, there is often tension between these two groups,” he said. “I do about 20 workshops a year at banks, e-commerce companies and the like, and I see this friction over and over again.”

Source: ComputerWeekly.com