Chapter 95. The Security Practitioner

Wayne A. Howell Jr.

The threat landscape for security practitioners changes on a daily basis. It is critical that security professionals understand the key focus areas and best practices that help organizations manage their risk. When building a new security program, practitioners should start from the fundamental question: what is the risk to the business? Every company should have a risk management plan that captures what the business should focus on, and it is our job to ensure that the business understands the risks associated with it. Risks can come from various areas such as compliance risk, business risk, open source risk, supplier risk, etc. Every business understands the cost of doing business, and that cost should have a defined place within our security program. This gives organizations the guidance they need to navigate the ever-changing security landscape.

As security practitioners, it is our duty to drive organizations to incorporate security tools throughout the software development life cycle. It is critical that the risk management plan is supported by security tooling, so that development teams can identify, classify, and remediate the weaknesses found during automated analysis. Security practitioners should incorporate the use of software composition analysis (SCA), static application security ...

Source: 97 Things Every Information Security Professional Should Know (O’Reilly).