Vulnerability-Free Code
Striking the Balance Between Speed and Security
At Checkmarx’s recent virtual thought leadership event, Vulnerability-Free Code: Striking the Balance Between Speed and Security, a select group of security and DevOps leaders and panelists came together to share their thoughts on:
- Identifying potential impacts of not testing code for vulnerabilities before applications are released
- Striking the balance between secure code and decreased time to market
- Integrating automation in the cloud into existing processes to increase application security
- Reducing risk in complex code environments
- Migrating applications to the cloud to increase modernization
Access the Full Content Here:
Key Panel Takeaways
Each year, the security community faces more sophisticated attackers who are working to expose and exploit vulnerabilities within an organization’s code. Mitigating these risks and preventing future breaches requires investment in both powerful new technologies and developers with the right skills and instincts.
At Vulnerability-Free Code: Striking the Balance Between Speed and Security, our expert panelists shared their perspectives on modernizing the security landscape by determining which tools truly add value, finding up-and-coming talent at every level of an organization, and staying vigilant against potential threats from both external and internal sources.
Here’s a sample of what we learned:
1. Finding talent in unexpected places
When seeking out the next generation of security professionals, Brandon Hines of Dimensional Fund Advisors says “being willing to engage with people who might not quite be there yet, but really have a lot of upward potential” is the key to finding emerging talent.
Leaders should remain engaged with not only long-term employees, but new hires and interns who demonstrate a passion for their work and a desire to learn in order to establish future success for their security programs.
2. Choosing the right tools to avoid technical debt
In an ever-changing threat landscape, it is tempting to integrate a multitude of tools to protect company and customer data as effectively as possible. But doing so may result in long-term technical debt if the technologies do not function seamlessly together, ultimately causing more harm than good.
Robby VanderKaay, Director of Information Security and Compliance and Forensic Examiner at Hines Interests, suggests that “the simplest approach is a lot of the time the best, because then you don’t have these...unneeded complexities which then just breed problems, breed security vulnerabilities.”
3. Developers need support and synergy
Developers may be proactive in finding solutions to problems they encounter, but fostering communication among teams will ensure that they are not expected to resolve every problem that may arise, and can devote their efforts to where they will add the most value in an organization.
As Joel Clawson of New Western Acquisitions puts it, “Getting our teams to talk and work well together, and making those bonds and relationships across the teams, is probably one of the most productive things that I’ve been able to do.”
4. Major threats may come from within the company
While external threats are being routinely dealt with, organizations must not turn a blind eye to employees who may have malicious intent and the ability to cause harm from the inside.
“Somebody planting something months beforehand or a year beforehand...because they saw an opportunity that they might have after the fact...is a real risk that you have to look at,” warns Joel Clawson.
5. Conversations about the cloud
Businesses often debate about whether migrating to the cloud is the right move, but as James Brotsos, Lead Product Manager at Checkmarx, points out, it’s important to consider what everyone else is doing too.
“Not only do people ask me about the security of our platform, but I’m always asking the security about their platform as well,” James says. If an outside vendor has made the decision to transition to the cloud, it is important to evaluate their security measures and determine whether company data they have access to will be protected or vulnerable.
Curious to learn more? Access the full event content by filling out the form at the top of this page.
Preview the Highlights
03.10 Vulnerability-Free Code
About the Sponsor
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed. Learn more at www.checkmarx.com.




