
Vendor News

Don’t just shift left, level up: Building a modern cyber defense program

July 25, 2023

Within the security community of late, the focus has been on “shifting left”. While that has merit, it is somewhat myopic and misses some of the realities of defense in practice. Instead, I propose a simple framework to help guide initiatives that will “level up” defenses and greatly improve security postures holistically. Some license is taken with terminology in order to keep things simple, memorable, and applicable.

We start with the three basic pillars of development, design, and detection. More specifically, these are secure development (or DevSecOps), secure architectural design (such as zero-trust architectures and security reference architectures), and modern detection and incident response. These three pillars are built on the foundation of automation and doing “everything as code”, including Infrastructure as Code (IaC), Detection as Code (DaC), and Security Orchestration, Automation and Response...