{"id":6815,"date":"2020-09-02T10:13:00","date_gmt":"2020-09-02T08:13:00","guid":{"rendered":"https:\/\/www.codemotion.com\/magazine\/?p=6815"},"modified":"2022-02-11T12:30:49","modified_gmt":"2022-02-11T11:30:49","slug":"responsibility-manager","status":"publish","type":"post","link":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/","title":{"rendered":"Security Is Not Just the Responsibility of the Security Manager"},"content":{"rendered":"<p class=\"eplus-u0VpoN\"><em style=\"user-select: auto;\">The following article was inspired by some of the best talks we had the opportunity to host during our offline conferences over the last few years. Together, they offer a broader view of the aspects related to Security<\/em>. <\/p>\n\n\n\n<p class=\"eplus-irpon6\"><em style=\"user-select: auto;\">We have committed ourselves to offering you more interesting talks like the following in spite of the COVID-19 outbreak. Online conferences have become Codemotion&#8217;s new means of choice. 
If you are interested in organising your online event, have a read of this article on the <a style=\"user-select: auto;\" href=\"https:\/\/www.codemotion.com\/magazine\/articles\/events\/planning-virtual-conference\/\">best tools for planning and running a virtual conference<\/a>.<\/em><\/p>\n\n\n<h2 class=\"gb-headline gb-headline-eecd7a63\">What is security?<\/h2>\n\n\n\n<p class=\"eplus-lH7GSS\">The notions of <span style=\"user-select: auto;\" id=\"urn:enhancement-a8bad3ce\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span>-first and <span style=\"user-select: auto;\" id=\"urn:enhancement-d15f32ad\" 
class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> by design are critical to the work of <span style=\"user-select: auto;\" id=\"urn:enhancement-f913b0e3\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/software_developer\">developers<\/span>, especially when you consider the ubiquity of <span style=\"user-select: auto;\" id=\"urn:enhancement-acb6281f\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> <span style=\"user-select: auto;\" id=\"urn:enhancement-9c4d4f7f\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/vulnerability_computing\">vulnerabilities<\/span> across all kinds of <span style=\"user-select: auto;\" id=\"urn:enhancement-7f2d0df8\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/software\">software<\/span>, verticals, and <span style=\"user-select: auto;\" id=\"urn:enhancement-b50a78c4\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/industry\">industries<\/span>. 
<\/p>\n\n\n\n<p class=\"eplus-EDJg3w\">Putting <span style=\"user-select: auto;\" id=\"urn:enhancement-cd4302e7\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> to the forefront with intent means that <span style=\"user-select: auto;\" id=\"urn:enhancement-a1e8d0c4\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> is front of mind for all <span style=\"user-select: auto;\" id=\"urn:enhancement-794191ec\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/software_developer\">developers<\/span>, <span style=\"user-select: auto;\" id=\"urn:enhancement-2d928685\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/user_experience\">UX<\/span> <span style=\"user-select: auto;\" id=\"urn:enhancement-9accc503\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/designer\">designers<\/span>, documentation writers and engineers &#8211; not just the <span style=\"user-select: auto;\" id=\"urn:enhancement-75f32886\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> member of staff (and their <span style=\"user-select: auto;\" id=\"urn:enhancement-69028b3\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/team\">team<\/span>).&nbsp; We take a look at some of the themes present in today&#8217;s <span style=\"user-select: auto;\" id=\"urn:enhancement-cf0f69cc\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> discourse.<\/p>\n\n\n\n<h2 class=\"eplus-Gn5gJc wp-block-heading\" id=\"h-you-are-the-weakest-link\">You are the weakest link<\/h2>\n\n\n\n<p 
class=\"eplus-RW7Qca\">According to <strong>Brian Vermeer<\/strong>, Developer Advocate at Snyk, this also applies to the behaviour of <span style=\"user-select: auto;\" id=\"urn:enhancement-20ea3701\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/team\">team<\/span> members &#8211; on and <span style=\"user-select: auto;\" id=\"urn:enhancement-87d7bd14\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/online_and_offline\">offline<\/span>. He shares: &#8220;It&#8217;s not that hard to find out where you work based on your <span style=\"user-select: auto;\" id=\"urn:enhancement-a9e376a4\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/email\">email<\/span> address. I mean normally, it&#8217;s first name dot last name at company name dot domain.&#8221; <\/p>\n\n\n\n<p class=\"eplus-j1NOlx\">He asked further: &#8220;Who has confidential material on your laptop? I can follow you and get to know your routine. Who encrypts your hard drive? Who has access to your laptop? 
Who uses a <span style=\"user-select: auto;\" id=\"urn:enhancement-bbdf186c\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/password\">password<\/span> manager?&#8221;&nbsp;<\/p>\n\n\n\n<p class=\"eplus-YrrYSm\">He further notes that, as <span id=\"urn:enhancement-9ccb2be8\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/software_developer\">developers<\/span> &#8211; not just <span id=\"urn:enhancement-cca4d5b7\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> staff &#8211; you probably have access to more secure materials than you realise:<\/p>\n\n\n\n<p class=\"eplus-BNDwtr\">&#8220;If you do <span style=\"user-select: auto;\" id=\"urn:enhancement-6d34d0d2\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/devops\">DevOps<\/span>, you probably have elevated <span style=\"user-select: auto;\" id=\"urn:enhancement-a8c8ddb5\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/privilege_computing\">privileges<\/span>, for instance, to the <span style=\"user-select: auto;\" id=\"urn:enhancement-75b8be0c\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/database\">database<\/span> of your <span style=\"user-select: auto;\" id=\"urn:enhancement-3bbbe3d7\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/company\">company<\/span>. 
Who has <span style=\"user-select: auto;\" id=\"urn:enhancement-b1a6183b\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/credential\">credentials<\/span> to enter the production server or the pipeline that can drop something into production? So can you imagine if we have that laptop of yours, and we abstract all that stuff from it, I can post on your git <span style=\"user-select: auto;\" id=\"urn:enhancement-cb64fd9f\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/credential\">credentials<\/span>, I can go to production, and I can even access the <span style=\"user-select: auto;\" id=\"urn:enhancement-8db0765c\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/database\">database<\/span>&#8221;.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote eplus-edFDjK is-layout-flow wp-block-quote-is-layout-flow\"><p>&#8220;Who of you has <span style=\"user-select: auto;\" id=\"urn:enhancement-c392ff41\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/test_data\">test data<\/span> on their <span style=\"user-select: auto;\" id=\"urn:enhancement-60c1c6d0\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/system\">system<\/span> locally? And it&#8217;s actually just a copy of the production data to test, for instance, <span style=\"user-select: auto;\" id=\"urn:enhancement-7abf5e92\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/reliability_engineering\">reliability<\/span>, speed and that kind of stuff? 
Do you have <span style=\"user-select: auto;\" id=\"urn:enhancement-504d7d62\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/personally_identifiable_information\">personally identifiable information<\/span> on that? Is that <span style=\"user-select: auto;\" id=\"urn:enhancement-66a5f6ac\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/anonymity\">anonymised<\/span>? You are vulnerable. And the weakest link is not the <span style=\"user-select: auto;\" id=\"urn:enhancement-3653839b\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/system\">system<\/span>. It&#8217;s you. So why should I target the <span style=\"user-select: auto;\" id=\"urn:enhancement-61b99afd\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/system\">system<\/span>? I just target you, it&#8217;s much easier.&#8221;<\/p><\/blockquote>\n\n\n\n<p class=\"eplus-cDYfNe\">To make <span id=\"urn:enhancement-5e0f5025\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> effective, it&#8217;s not just about tick-a-box compliance. 
Rather, <span id=\"urn:enhancement-7aff8569\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> must be baked into <span id=\"urn:enhancement-d5e1c3e5\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/company\">company<\/span> values and delivered through <span id=\"urn:enhancement-f383aa8\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/company\">company<\/span> practices by all departments and individuals.&nbsp;<\/p>\n\n\n\n<h2 class=\"eplus-sscmvg wp-block-heading\" id=\"h-security-hits-in-unexpected-places-like-api-attacks\">Security hits in unexpected places like API attacks<\/h2>\n\n\n\n<p class=\"eplus-WqPFg2\">Each time you publish an <span style=\"user-select: auto;\" id=\"urn:enhancement-96e2afc5\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/application_programming_interface\">API<\/span>, you punch a hole in your enterprise perimeter. 
Through <span style=\"user-select: auto;\" id=\"urn:enhancement-18796e94\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/application_programming_interface\">API<\/span> attacks, a lot of critical <span style=\"user-select: auto;\" id=\"urn:enhancement-867b6acc\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/data\">data<\/span> which used to be well-protected in enterprise <span style=\"user-select: auto;\" id=\"urn:enhancement-d67652ba\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/data\">data<\/span> centres is now exposed directly to the <span style=\"user-select: auto;\" id=\"urn:enhancement-eaf0ae83\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/internet\">Internet<\/span>. <\/p>\n\n\n\n<p class=\"eplus-AZYoeg\">Whenever you create <span style=\"user-select: auto;\" id=\"urn:enhancement-6f859431\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/application_programming_interface\">APIs<\/span>, you have to make sure that you have done everything you could to validate <span style=\"user-select: auto;\" id=\"urn:enhancement-4b74bb64\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/data\">data<\/span> flows, properly authenticate <span style=\"user-select: auto;\" id=\"urn:enhancement-b33b2e33\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/user_computing\">users<\/span>, authorise access to the <span style=\"user-select: auto;\" id=\"urn:enhancement-979d7343\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/data\">data<\/span>, and keep an audit trail, among other security tasks.&nbsp;<\/p>\n\n\n\n<p class=\"eplus-bgWwIZ\">The Open <span 
style=\"user-select: auto;\" id=\"urn:enhancement-18707e5e\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/web_application_security\">Web Application Security<\/span> Project (<span style=\"user-select: auto;\" id=\"urn:enhancement-f9a6629f\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/owasp\">OWASP<\/span>) is a <span style=\"user-select: auto;\" id=\"urn:enhancement-e6e65c15\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/nonprofit_organization\">nonprofit<\/span> foundation that works to improve the <span style=\"user-select: auto;\" id=\"urn:enhancement-2a13bc3e\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> of <span style=\"user-select: auto;\" id=\"urn:enhancement-afd13d46\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/software\">software<\/span>. 
<\/p>\n\n\n\n<p class=\"eplus-N3EtWE\">One of its members, Isabelle Mauny, shared with <span style=\"user-select: auto;\" id=\"urn:enhancement-9d364996\" class=\"textannotation disambiguated wl-organization\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/codemotion\">Codemotion<\/span> that <span style=\"user-select: auto;\" id=\"urn:enhancement-b5cb4f5a\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/owasp\">OWASP<\/span> recently added under-protected <span style=\"user-select: auto;\" id=\"urn:enhancement-19456c57\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/application_programming_interface\">APIs<\/span> to its&nbsp;<a style=\"user-select: auto;\" target=\"_blank\" href=\"https:\/\/owasp.org\/www-project-top-ten\/\" rel=\"noreferrer noopener\">Top 10 list of app vulnerabilities,<\/a>&nbsp;a standard awareness document for <span style=\"user-select: auto;\" id=\"urn:enhancement-8f9ba600\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/software_developer\">developers<\/span> and web application security. 
It represents a broad consensus about the most critical <span style=\"user-select: auto;\" id=\"urn:enhancement-9e05219b\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> risks to web applications.<\/p>\n\n\n\n<p class=\"eplus-HRuah1\">It&#8217;s a recognition that <strong><span id=\"urn:enhancement-664cbb53\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/application_programming_interface\">API<\/span> <span id=\"urn:enhancement-978e6258\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span><\/strong> is NOT web <span id=\"urn:enhancement-270b8a76\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span>. Rather, APIs have different attack vectors. They are <span id=\"urn:enhancement-e10076d3\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/data\">data<\/span>-centric, and there are lots of attacks coming from mishandling <span id=\"urn:enhancement-4cc5884a\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/application_programming_interface\">API<\/span> <span id=\"urn:enhancement-6c89e3c1\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/data\">data<\/span>.<\/p>\n\n\n\n<h2 class=\"eplus-PGQHKD wp-block-heading\" id=\"h-zero-trust-means-everything-is-on-fire\">Zero trust means everything is on fire<\/h2>\n\n\n\n<p class=\"eplus-FBBtIM\">A lot of these <span id=\"urn:enhancement-6a07710f\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/data\">data<\/span> breaches are made possible by missteps and misconfigurations. Many <strong><span id=\"urn:enhancement-c91a5f6e\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> <\/strong>issues are introduced into website authentication mechanisms that further compound the <span id=\"urn:enhancement-8618d0e2\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/security\">security<\/span> issues in addition to enforcing bad behaviour by the end-<span id=\"urn:enhancement-520e5ac5\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/user_computing\">users<\/span>. 
<\/p>\n\n\n\n<p class=\"eplus-EOxDoT\"><span id=\"urn:enhancement-ebdbbcff\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/computer_security\">Security<\/span> debt is a real problem for the vast majority of <span id=\"urn:enhancement-3d6b7796\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/organization\">organisations<\/span> in the world today, and attackers will use this to their advantage.<\/p>\n\n\n\n<p class=\"eplus-22diCR\"><strong><span style=\"user-select: auto;\" id=\"urn:enhancement-c30b8349\" class=\"textannotation disambiguated wl-organization\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/cisco_systems\">Cisco<\/span> <\/strong>defines zero trust as a comprehensive approach to securing all access across your networks, applications, and environment. This approach helps secure access from <span style=\"user-select: auto;\" id=\"urn:enhancement-ecf4b19d\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/user_computing\">users<\/span>, end-user devices, <span style=\"user-select: auto;\" id=\"urn:enhancement-375924fb\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/application_programming_interface\">APIs<\/span>, IoT, <span style=\"user-select: auto;\" id=\"urn:enhancement-b764ff0a\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/microservices_2\">microservices<\/span>, containers, and more. 
It protects your <span style=\"user-select: auto;\" id=\"urn:enhancement-e3520566\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/workforce\">workforce<\/span>, workloads, and <span style=\"user-select: auto;\" id=\"urn:enhancement-48e96110\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/workplace\">workplace<\/span>. <\/p>\n\n\n\n<p class=\"eplus-8mCaJS\">According to <strong>David Lewis<\/strong>, Global Advisory <span style=\"user-select: auto;\" id=\"urn:enhancement-e2b67cad\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/chief_information_security_officer\">CISO<\/span> at Duo Security, &#8220;the easiest way to describe zero trust is that everything is on fire.&#8221;<\/p>\n\n\n\n<p class=\"eplus-jigAwU\">He contends: &#8220;We&#8217;re looking at going back to doing the fundamental things that we should have been doing right from the very beginning, network zone segmentation, <span style=\"user-select: auto;\" id=\"urn:enhancement-3a61d3f5\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/user_computing\">user<\/span> authentications, making sure that your asset inventories are up to date. 
If you are building out a new programme:<\/p>\n\n\n\n<ul class=\"eplus-xRIFf7 wp-block-list\"><li>Do you know the libraries that you are including?<\/li><li>Do you know the libraries that you included in your own application?<\/li><li>Have you verified that these third party codebases are legitimate?<\/li><\/ul>\n\n\n\n<p class=\"eplus-nLfbTl\">You have to go through and trust but verify and then verify again, everything as it comes along.&#8221;<\/p>\n\n\n\n<h2 class=\"eplus-Ns2lrC wp-block-heading\" id=\"h-interested-in-a-career-in-cybersecurity\">Interested in a career in cybersecurity?<\/h2>\n\n\n\n<p class=\"eplus-JQ5b1B\">At <span style=\"user-select: auto;\" id=\"urn:enhancement-df0bea65\" class=\"textannotation disambiguated wl-organization\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/codemotion\">Codemotion<\/span> we&#8217;re big fans of resourcing <span style=\"user-select: auto;\" id=\"urn:enhancement-6022af64\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/people\">people<\/span> thinking about changing their <span style=\"user-select: auto;\" id=\"urn:enhancement-7c67f886\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/career\">career<\/span>, such as moving into&nbsp;<a style=\"user-select: auto;\" target=\"_blank\" href=\"https:\/\/www.codemotion.com\/magazine\/dev-hub\/security-manager\/so-you-want-to-work-in-cybersecurity\/\" rel=\"noreferrer noopener\">a role in cybersecurity.<\/a>&nbsp;<strong>Dr Melanie Rieback<\/strong> is the <span style=\"user-select: auto;\" id=\"urn:enhancement-aa2f2275\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/chief_executive_officer\">CEO<\/span>\/<span style=\"user-select: auto;\" id=\"urn:enhancement-d478355e\" class=\"textannotation disambiguated wl-thing\" 
itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/entrepreneurship\">Co-founder<\/span> of&nbsp;<a style=\"user-select: auto;\" target=\"_blank\" href=\"https:\/\/radicallyopensecurity.com\/index.htm\" rel=\"noreferrer noopener\">Radically Open Security<\/a>, the world&#8217;s first <span style=\"user-select: auto;\" id=\"urn:enhancement-bcd362bd\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/nonprofit_organization\">nonprofit<\/span>&nbsp;computer security&nbsp;consultancy <span style=\"user-select: auto;\" id=\"urn:enhancement-18853348\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/company\">company<\/span>. <\/p>\n\n\n\n<p class=\"eplus-X2hn9S\">She is also a former Assistant Professor of <span style=\"user-select: auto;\" id=\"urn:enhancement-e76347d6\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/computer_science\">Computer Science<\/span> at the Free University of Amsterdam (<span style=\"user-select: auto;\" id=\"urn:enhancement-3b90a064\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/vu_university_amsterdam\">VU<\/span>) who performed <span style=\"user-select: auto;\" id=\"urn:enhancement-9d18a49b\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/radio-frequency_identification\">RFID<\/span> security research (<span style=\"user-select: auto;\" id=\"urn:enhancement-c60d4402\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/radio-frequency_identification\">RFID<\/span> <span style=\"user-select: auto;\" id=\"urn:enhancement-69bccaf3\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/computer_virus\">Virus<\/span> and <span style=\"user-select: auto;\" 
id=\"urn:enhancement-c7908493\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/radio-frequency_identification\">RFID<\/span> Guardian) that attracted worldwide press coverage and won several awards.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"eplus-R4Bc48\">Radically <strong style=\"user-select: auto;\">Open <span style=\"user-select: auto;\" id=\"urn:enhancement-e3c6c041\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/computer_security\">Security<\/span><\/strong> is the world&#8217;s first <span style=\"user-select: auto;\" id=\"urn:enhancement-c35dcbd3\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/nonprofit_organization\">not-for-profit<\/span> <span style=\"user-select: auto;\" id=\"urn:enhancement-aed28f48\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/computer_security\">computer security<\/span> consultancy <span style=\"user-select: auto;\" id=\"urn:enhancement-1510d04\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/company\">company<\/span>. 
They are <span style=\"user-select: auto;\" id=\"urn:enhancement-cc0dea24\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/prototype\">prototyping<\/span> an innovative new <span style=\"user-select: auto;\" id=\"urn:enhancement-94764e07\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/business_model\">business model<\/span> \u2013 using a Dutch &#8220;Fiscaal Fondswervende Instelling&#8221; (Fiscal Fundraising Institution) to provide a commercial <span style=\"user-select: auto;\" id=\"urn:enhancement-37cc13a5\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/front_and_back_ends\">front-end<\/span>. <\/p>\n\n\n\n<p class=\"eplus-tEHK40\">This sends 90% of their profits tax-free to a&nbsp;backend&nbsp;foundation (<a style=\"user-select: auto;\" target=\"_blank\" href=\"https:\/\/web.archive.org\/web\/20180627015155\/http:\/\/nlnet.nl\/\" rel=\"noreferrer noopener\">Stichting NLnet<\/a>) that has supported open-source, <span style=\"user-select: auto;\" id=\"urn:enhancement-45042699\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/internet_research\">Internet research<\/span>, and digital rights organisations for almost 20 years. <\/p>\n\n\n\n<p class=\"eplus-drpQcS\">The other 10% serves as a cashflow buffer that allows the <span style=\"user-select: auto;\" id=\"urn:enhancement-1dbc2c0\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/company\">company<\/span> to survive. 
Additionally, due to low management\/overhead costs, they can afford to pay competitive wages to their <span style=\"user-select: auto;\" id=\"urn:enhancement-29a6c147\" class=\"textannotation disambiguated wl-thing\" itemid=\"http:\/\/data.wordlift.io\/wl01770\/entity\/computer_security\">computer security<\/span> consultants.<\/p>\n\n\n\n<p class=\"eplus-D45uhe\">If you want to know more about how modern technologies and tools can support you for &#8211; and during &#8211; the organisation of a virtual event, don&#8217;t miss this article showcasing the best tools we used to <a style=\"user-select: auto;\" href=\"https:\/\/www.codemotion.com\/magazine\/articles\/events\/planning-virtual-conference\/\">host our online conferences<\/a> since the COVID-19 outbreak.<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>The following article was inspired by some of the best talks we had the opportunity to host during our offline conferences over the last few years. Together, they offer a broader view of the aspects related to Security. 
We have committed ourselves to offer you more interesting talks like the followings in spite of that&#8230; <a class=\"more-link\" href=\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/\">Read more<\/a><\/p>\n","protected":false},"author":85,"featured_media":6816,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":5,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[4329],"tags":[6280,7152],"collections":[],"class_list":{"0":"post-6815","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cybersecurity","8":"tag-devsecops","9":"tag-security","10":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Security Is Not Just the Responsibility of the Security Manager - Codemotion<\/title>\n<meta name=\"description\" content=\"We take a look at some of today&#039;s central cybersecurity themes and how they impact any developer, as well as our workplaces.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Is Not Just the Responsibility of the Security Manager\" \/>\n<meta property=\"og:description\" 
content=\"We take a look at some of today&#039;s central cybersecurity themes and how they impact any developer, as well as our workplaces.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/\" \/>\n<meta property=\"og:site_name\" content=\"Codemotion Magazine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Codemotion.Italy\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-02T08:13:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-11T11:30:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1012\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cate Lawrence\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CodemotionIT\" \/>\n<meta name=\"twitter:site\" content=\"@CodemotionIT\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cate Lawrence\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/\"},\"author\":{\"name\":\"Cate Lawrence\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/person\\\/df32323fd62dc47fa8892426677a2cc1\"},\"headline\":\"Security Is Not Just the Responsibility of the Security Manager\",\"datePublished\":\"2020-09-02T08:13:00+00:00\",\"dateModified\":\"2022-02-11T11:30:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/\"},\"wordCount\":1218,\"publisher\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg\",\"keywords\":[\"DevSecOps\",\"Security\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/\",\"name\":\"Security Is Not Just the Responsibility of the Security Manager - 
Codemotion\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg\",\"datePublished\":\"2020-09-02T08:13:00+00:00\",\"dateModified\":\"2022-02-11T11:30:49+00:00\",\"description\":\"We take a look at some of today's central cybersecurity themes and how they impact any developer, as well as our workplaces.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg\",\"contentUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg\",\"width\":1012,\"height\":675},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/cybersecurity\\\/responsibility-manager\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Dev 
Life\",\"item\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/dev-life\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Events\",\"item\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/dev-life\\\/events\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Security Is Not Just the Responsibility of the Security Manager\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#website\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/\",\"name\":\"Codemotion Magazine\",\"description\":\"We code the future. Together\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#organization\",\"name\":\"Codemotion\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/codemotionlogo.png\",\"contentUrl\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/codemotionlogo.png\",\"width\":225,\"height\":225,\"caption\":\"Codemotion\"},\"image\":{\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/Codemotion.Italy\\\/\",\"https:\\\/\\\/x.com\\\/CodemotionIT\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/#\\\/schema\\\/person\\\/df32323fd62dc47fa8892426677a2cc1\",\"nam
e\":\"Cate Lawrence\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2dbf9850a6e06e402d71247f79a76d6a5adad553ed6aab558a29a4107e5e83b1?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2dbf9850a6e06e402d71247f79a76d6a5adad553ed6aab558a29a4107e5e83b1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2dbf9850a6e06e402d71247f79a76d6a5adad553ed6aab558a29a4107e5e83b1?s=96&d=mm&r=g\",\"caption\":\"Cate Lawrence\"},\"url\":\"https:\\\/\\\/www.codemotion.com\\\/magazine\\\/author\\\/cate-lawrence\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Security Is Not Just the Responsibility of the Security Manager - Codemotion","description":"We take a look at some of today's central cybersecurity themes and how they impact any developer, as well as our workplaces.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/","og_locale":"en_US","og_type":"article","og_title":"Security Is Not Just the Responsibility of the Security Manager","og_description":"We take a look at some of today's central cybersecurity themes and how they impact any developer, as well as our workplaces.","og_url":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/","og_site_name":"Codemotion Magazine","article_publisher":"https:\/\/www.facebook.com\/Codemotion.Italy\/","article_published_time":"2020-09-02T08:13:00+00:00","article_modified_time":"2022-02-11T11:30:49+00:00","og_image":[{"width":1012,"height":675,"url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg","type":"image\/jpeg"}],"author":"Cate 
Lawrence","twitter_card":"summary_large_image","twitter_creator":"@CodemotionIT","twitter_site":"@CodemotionIT","twitter_misc":{"Written by":"Cate Lawrence","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/#article","isPartOf":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/"},"author":{"name":"Cate Lawrence","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/df32323fd62dc47fa8892426677a2cc1"},"headline":"Security Is Not Just the Responsibility of the Security Manager","datePublished":"2020-09-02T08:13:00+00:00","dateModified":"2022-02-11T11:30:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/"},"wordCount":1218,"publisher":{"@id":"https:\/\/www.codemotion.com\/magazine\/#organization"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/#primaryimage"},"thumbnailUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg","keywords":["DevSecOps","Security"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/","url":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/","name":"Security Is Not Just the Responsibility of the Security Manager - 
Codemotion","isPartOf":{"@id":"https:\/\/www.codemotion.com\/magazine\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/#primaryimage"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/#primaryimage"},"thumbnailUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg","datePublished":"2020-09-02T08:13:00+00:00","dateModified":"2022-02-11T11:30:49+00:00","description":"We take a look at some of today's central cybersecurity themes and how they impact any developer, as well as our workplaces.","breadcrumb":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/#primaryimage","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg","width":1012,"height":675},{"@type":"BreadcrumbList","@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/responsibility-manager\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.codemotion.com\/magazine\/"},{"@type":"ListItem","position":2,"name":"Dev Life","item":"https:\/\/www.codemotion.com\/magazine\/dev-life\/"},{"@type":"ListItem","position":3,"name":"Events","item":"https:\/\/www.codemotion.com\/magazine\/dev-life\/events\/"},{"@type":"ListItem","position":4,"name":"Security Is Not Just the Responsibility of the Security 
Manager"}]},{"@type":"WebSite","@id":"https:\/\/www.codemotion.com\/magazine\/#website","url":"https:\/\/www.codemotion.com\/magazine\/","name":"Codemotion Magazine","description":"We code the future. Together","publisher":{"@id":"https:\/\/www.codemotion.com\/magazine\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.codemotion.com\/magazine\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.codemotion.com\/magazine\/#organization","name":"Codemotion","url":"https:\/\/www.codemotion.com\/magazine\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png","width":225,"height":225,"caption":"Codemotion"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Codemotion.Italy\/","https:\/\/x.com\/CodemotionIT"]},{"@type":"Person","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/df32323fd62dc47fa8892426677a2cc1","name":"Cate Lawrence","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2dbf9850a6e06e402d71247f79a76d6a5adad553ed6aab558a29a4107e5e83b1?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2dbf9850a6e06e402d71247f79a76d6a5adad553ed6aab558a29a4107e5e83b1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2dbf9850a6e06e402d71247f79a76d6a5adad553ed6aab558a29a4107e5e83b1?s=96&d=mm&r=g","caption":"Cate 
Lawrence"},"url":"https:\/\/www.codemotion.com\/magazine\/author\/cate-lawrence\/"}]}},"featured_image_src":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled-600x400.jpg","featured_image_src_square":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled-600x600.jpg","author_info":{"display_name":"Cate Lawrence","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/cate-lawrence\/"},"uagb_featured_image_src":{"full":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg",1012,675,false],"thumbnail":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled-150x150.jpg",150,150,true],"medium":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled-768x512.jpg",768,512,true],"large":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg",1012,675,false],"1536x1536":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg",1012,675,false],"2048x2048":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg",1012,675,false],"small-home-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled.jpg",100,67,false],"sidebar-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled-180x128.jpg",180,128,true],"genesis-singular-images":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0
XajJHQ-unsplash-scaled-896x504.jpg",896,504,true],"archive-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled-400x225.jpg",400,225,true],"gb-block-post-grid-landscape":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled-600x400.jpg",600,400,true],"gb-block-post-grid-square":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2020\/07\/chris-panas-0Yiy0XajJHQ-unsplash-scaled-600x600.jpg",600,600,true]},"uagb_author_info":{"display_name":"Cate Lawrence","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/cate-lawrence\/"},"uagb_comment_info":0,"uagb_excerpt":"The following article was inspired by some of the best talks we had the opportunity to host during our offline conferences over the last few years. Together, they offer a broader view of the aspects related to Security. We have committed ourselves to offer you more interesting talks like the followings in spite of 
that&#8230;&hellip;","lang":"en","_links":{"self":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/6815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/users\/85"}],"replies":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/comments?post=6815"}],"version-history":[{"count":28,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/6815\/revisions"}],"predecessor-version":[{"id":12022,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/6815\/revisions\/12022"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media\/6816"}],"wp:attachment":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media?parent=6815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/categories?post=6815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/tags?post=6815"},{"taxonomy":"collections","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/collections?post=6815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}