058. Starting Security From Scratch
Apr 23, 2020•25 min
Episode description
Many security guides out there presume that you're implementing security on an existing system or an existing product: look at what has been missed and improve things incrementally - but what if you're building something completely new? If it's a new product or a new company, things can be different.
When you're struggling with security, many experts will tell you that you should have started sooner - but where exactly do you start? You can't pen test a product before you've written your first line of code, so what should you do first?
It's difficult to fit it all in without making an episode that goes on for days - but in today's episode Holly Grace looks at some of the common aspects of security, starting with design and building up to implementation and response.
Key Points:
2'35 Testing too late makes it harder
4'15 Design, Implementation, and Protection
5'30 Security Policy: Updates, Passwords, and Authentication
6'45 Awareness Training: Why the policy is that way
10'42 Policies and Implementation not matching
15'10 How frequently should you Pen Test?
19'05 Response: Logs, Alert, and Hunting
Links
Secarma's Cybersecurity Maturity Assessment - https://www.secarma.com/services/cybersecurity-assessment/maturity-assessment.html
NIST Cybersecurity Framework - https://www.nist.gov/cyberframework
NCSC Cyber Assessment Framework - https://www.ncsc.gov.uk/collection/caf/cyber-assessment-framework
Listening Time: 24 minutes
Hosted by: Holly Grace Williams, Technical Director at Secarma