Be Agile, Not Vulnerable
Audience level: Novice
Security has to be everyone's responsibility, and cannot be managed as a feature.
Startups like to "move fast and break things"... but how do you ensure that what breaks isn't security? How do you strike a balance and make sure you're able to ship quickly while still ensuring that what goes out the door doesn't have vulnerabilities? The answer begins by recognizing that security is a process, not a feature, and this has ramifications throughout the organization. It means that security engineering needs to be everyone's responsibility (instead of a select few), and it means that when security vulnerabilities crop up — and they will — the organization needs to be prepared and aligned to act quickly.