Pen testing is the “easy part”. Every week I get offers from companies specialising in Penetration Tests.
No one is ever banging on my door telling me about how they are going to support the dev teams to comprehensively understand how each detail in their job impacts the end product security.
Not saying pen tests are useless. They form an important part of the process. It’s just not the hard bit.
#cybersecurity #infosec #DevSecOps #PenTest #HumanCentredSecurity #SecureDevelopment #Cyber #ExpandLeft #ShiftLeft
Today involved some discussion about Human Centred Security. For me it’s more than just designing around people and their quirks, but involving people and communicating with them, putting people at the centre of what you do and how.
I think Cybersecurity needs to be communicated, and communication involves information going both ways. It’s a conversation.
But it’s so difficult.
If we’re not doing this for people, then why are we doing it?
What’s the best way to have security conversations with people though? And at scale? Is a conversation at scale even possible?
#cybersecurity #humancentredsecurity