It takes 12–24 months to build a robust security program
I’ve watched this unfold a million times. The executive team is laser-focused on growth, while security is pushed aside.
There’s always a reason not to focus resources on security measures:
- Customers are asking increasingly difficult-to-answer security questions, but you’ve managed to navigate them so far…
- While you may have had a close call or two, you’ve managed to dodge any major breaches so far.
- While engineers want to improve security (and reliability, test coverage, and hundreds of other things), product features and customer demands dictate priorities.
- While the tech team has a strong technical foundation, they lack specialized expertise in security, making new security initiatives more difficult to scope and execute.
- Budgets are constrained and headcount is all about product growth and support.
- IT is responsible for security (but they’re busy with the help desk).
The pressure continues to grow and it’s challenging to know where to start.
But…
When these 4 signs start showing up, it’s time to act and build a robust security program.
1/ An incident happens — or there’s a close call. Your team is rattled. You were this close to a major incident. Now you’re asking: “Would we have to notify customers or partners?” “How do we prevent this from happening again?” “What else are we missing?”
2/ Your customers require stricter security standards. Your customers are being forced to level up their security — and they’ll expect you to do the same.
Suddenly, security questionnaires with 800+ questions are part of the sales process, ones that didn’t exist two years ago.
Security is becoming a major speed bump in the sales cycle and the questions (and evidence) are getting harder and harder to produce.
3/ The sales team is losing deals due to security friction. Sales cycles have changed dramatically.
You’re hearing things like: “We lost the deal because we didn’t meet their security standards.” “It was painful to close because of all the security hoops we had to jump through.” The pressure to compete is forcing a rethink of your approach to security.
4/ New hires are questioning your security program. If your company has been lax about security and you start hiring employees who take it seriously, it’ll be obvious.
You’ll hear comments like: “Oh, that’s how you do it? We did it differently at my last company.” “We’d never get away with that where I worked before.”
It’s a warning sign.
That’s why we created a simulator to help you discover core aspects of a best-practice security program specifically for your company — check it out: