--- title: "Securing next generation software" author: Cindy Blake author_gitlab: cblake author_twitter: cblake2000 categories: insights image_title: '/images/blogimages/ciso-secure-next-gen-software.jpg' description: "Scale your security efforts by understanding and integrating with the DevOps workflow." tags: security, DevOps, workflow twitter_text: "The #CISO’s role in securing next gen software #appsec" postType: content marketing merch_banner: merch_four merch_sidebar: merch_four --- Next generation software has changed the way developers work, allowing them to produce code quickly and at scale. This poses new security challenges however and all too often security is treated as a bolt-on task at the end of the process. Approaching security in this manner won’t scale to the size and velocity of software development. It’s therefore critical that security innovation finds its way into your development lifecycle. You can be sure that your cyber-adversaries aren’t using hacking methods from 10 years ago – so why should you be using security technologies and methods from 10 years ago? To tackle these changes, CISOs will need to understand three critical shifts in next-generation software: 1. How software is composed and executed 1. How software is delivered and managed 1. How software complies with regulatory requirements It’s time to think of security as an outcome from an integrated DevSecOps effort. In my recent book ([free to download here](/resources/ebook-ciso-secure-software/)) I explain these three shifts in depth to help security professionals understand new application-related attack surfaces and areas of risk, how DevOps processes and tools affect their security efforts, and how security teams can adapt and scale to unite the iterative development and security workflows. <%= partial "includes/blog/blog-merch-sidebar-dynamic" %> ## Secure software in the age of DevOps Securing the software development lifecycle has never been easy, and efficiency-boosting development changes have created more challenges for security teams to face. To be successful, CISOs and their teams need to be able to focus on: * Basic security hygiene * Monitoring, detection, and automated response * Building on standardization, policy automation, validation, common controls, and continuous improvement ## Think it through At the end of my book, you’ll find 10 steps to take as you work toward your next generation security program. Here is a quick preview of a few of the steps: 1. Start by assessing where you are, and decide on a path to move forward. 1. Align metrics to manage risks, not silos. 1. Go broad, not deep, when testing software. 1. Apply continuous security scanning to iterative development. 1. Apply Zero Trust principles to your applications and their infrastructure. Cover image by [theverticalstory](https://unsplash.com/@theverticalstory) on [Unsplash](https://unsplash.com/photos/LjkEdYv55bA) {: .note} <%= partial "includes/blog/blog-merch-banner" %>