With the holidays quickly approaching, I can’t help but think about all of the dinner parties just around the corner and the many hours of “forced family fun” as we like to call it in our house. Don’t get me wrong, I love all the dishes that get whipped up by my family members, but with that comes the fact that you need to sit around the dinner table … for hours … and hours. Many personalities, many viewpoints, many experiences are forced to come together in one place at one time. It can get messy, but in the end, those are the moments you end up cherishing the most, and the holidays wouldn’t be the same without those gatherings.
Strangely enough, these dinner parties are rather similar to my initial meetings with potential Veracode customers.
Actually, I should rephrase that and say these dinner parties are reminiscent of my initial meetings with the most successful Veracode customers. As I’ve seen over the last three years here, the customers who involve many different stakeholders across their company have a much more successful roll-out of their intended application security program.
Application Security Not a Solitary Pursuit
I’m on the sales team at Veracode, so I have calls on a daily basis with companies ranging from small start-ups to large leading enterprises to discuss how we can help secure their software. Looking back on my copious notes (I knew these would come in handy someday!), I see the depth and variety of titles that I speak with during these meetings: VP of Product Development, IT Operations, Security Engineer, Head of Software Development, Director of QA, Sales Manager, Risk & Compliance Officer. This collection of titles encompasses what I like to call the “DevOps Dinner Party.”
DevOps is a shift in the mindset of companies as they think about how to best structure their software development process. The key to a successful DevOps organization is to increase the collaboration and communication between the development and IT Operations group. With this new change, developers need to deliver code more securely, at a much faster pace, and with involvement from more colleagues.
This problem of tackling application security is not just one person’s responsibility. The companies I’ve seen show the most success have involved representatives from multiple teams across the organization, and brought them into the sales cycle early on.
If you break Veracode down to its simplest terms, we help our customers reduce risk and meet the requirements of their clients and regulators through quickly delivering more secure code. Just within that one sentence, we are saying that Veracode interacts daily with developers, security, product development, sales, risk and compliance.
Application Security Success Requires Early Stakeholder Involvement
From what I’ve gathered across our extensive customer base, the earlier you can bring some of your teammates into the discussion on application security, the better off you will be. You will empower your colleagues to have a say in a solution you are planning to purchase, but you will also talk through what the process is like to implement it and get ahead of any roadblocks that might come after the sales order form is signed.
So, next time you are at a manager all-hands meeting or just walking past your colleagues’ cubicles in the morning, ask yourself – how can I involve my peers in this application security decision?
The holidays would not be considered a “success” without a big crowd around the dinner table, and the same can be said about your application security initiative. You need a full table at your “DevOps Dinner Party,” in order to make a more informed decision for your company and have a better chance at a successful application security program.
Want more details on building an application security program? Start with tips from someone who’s been there – check out our new guide, 5 Lessons From an Application Security Pro.