major.io words of wisdom from a systems engineer

Annoying security requests highlight company silos

I stumbled upon this video earlier today via Tripwire’s Twitter feed:

Some of the requests are hilarious, obviously, but many of them highlight a critical problem. In organizations where security is one department, silos develop and the “us versus them” mentality sets in quickly.

For organizations to grow and maintain security, the ownership of security and process maturity must be spread throughout the organization. Traditional corporate security teams simply cannot carry this burden alone. Security teams should be looked to as subject matter experts and consultants for critical projects. The business should be as eager to engage security experts as the security experts should be to engage the rest of the business.

Lopsided security ownership quickly leads to comments like the ones in the video.