Application Security Buy-in and the Obligatory Exercise Analogy

Who doesn’t love a good analogy? Yes, they are trite, especially when making comparisons to exercise or good health habits. Which is why I am going to do exactly that! It’s the obligatory January, “let’s-compare-everything-to-exercise” analogy.

Go with me for a minute. Isn’t getting started with application security exactly like getting started with a new exercise program? It is overwhelming, uncharted territory and can feel insurmountable.

Makes you want to run right out and build an AppSec program just about as much as you want to jump on that elliptical machine, right?

At Veracode, we’ve been writing a lot lately about how to get a program up and running in your company. It’s an important topic, one which we have over a decade of experience in, helping companies of all shapes and sizes. We empathize with the sentiment that it’s tough sledding when you first get started.

Just like that 6-pack doesn’t magically appear after doing one set of crunches, you can’t expect to achieve success with your AppSec program overnight either. It requires commitment, persistence and, above all, belief that it can happen.

You may be the person who is pushing the AppSec agenda forward for your company. Doing so requires your relentless leadership and pursuit, and getting buy-in across your company may be the single most important key to success.

Let’s just consider for a moment the simple human-to-human implication of inclusion. Isn’t it always a better feeling to be included rather than excluded? The psychological impact of including someone and getting their input is very powerful for both them and you. In a business setting, communication about change is critically important and ensures no one is caught by surprise when change takes place.

If you get the right folks in your company to understand why AppSec is important and how it will benefit your organization, and discuss the impact of a new AppSec program to their group, your chances of success increase. And having a documented strategy, which everyone agrees with, only helps your cause.

getting buy-in across your company may be the single most important key to success

Make no mistake about it. Just like losing a pant size or increasing the weight on your deadlifts, getting buy-in for your AppSec program is, as trainer Jillian Michaels famously says, “hard. ass. work.” It might be a while before you see tangible results. But just as each time you go running you increase your endurance, each step you take with application security builds on the previous.

We published a handy roadmap to help you understand how to go about getting the buy-in that is so critical to your program’s success. Take a look and we’re happy to answer questions if you have them.

What do you think? Are there other wellness and application security comparisons you can make? We’d love to hear from you.