Notes on “Paved Road”

Lessons from Securing Internal Applications

WebappSec Link

Building a Security Platform Engineering Team

"""
I’m a big fan of building security into existing processes, a term coined as “secure paved roads” by Jason Chan, Ex-Netflix CISO. The idea behind this is that security should mostly be invisible. The average employee should simply not have to think about high-consequence security domains. They’ll use tools that make their life easier, and that tooling has security built in by default. Yes, they can divert from that paved path, but they’ll generally have a worse experience. The idea is that 95% of people will stick to the paved paths, and the only people who divert off it have exceptional reasons to do so.
"""