Yesterday I moderated the Oklahoma City Microsoft CSO Roundtable. Just as we did in San Antonio, we had a great discussion, and I think everyone left with new things to think about. The largest organizations in OKC were represented in sectors like financial services, energy and public utilities. I have uploaded the slide deck here in the Denim Group Knowledge site.
Some interesting points to come out of the discussion:
- Those responsible for security are concerned because increasingly sensitive assets are being made available via the web. Because most of these security folks do not have a development background, they are forced to work with development groups to help address the risk.
- Successful organizations have multiple touchpoints during the system development lifecycle where the security group works with the software development group. This allows security concerns to be brought up and addressed early on in the process. This saves money and headaches later on and results in more secure systems.
- Individuals with titles such as Security Architect are leading the charge in many organizations. These are folks in security who look at systems as a whole. Because of their role, they are particularly well suited to address cross-disciplinary issues like software security.
Many thanks to all of our participants. I had a great time leading the discussion and learned a lot (as I always do) talking to the folks at large organizations who are responsible for security day in and day out.
dan _at_ denimgroup.com