Welcome to the second issue of the ReThink Security newsletter. First, we want to thank all of you for your overwhelmingly positive response to this idea. This was an experiment, and we didn't know how it was going to turn out, but it appears that there is real pent-up demand for free, high-quality, software-security-related content.
So without further ado, let's dive into this week's articles:
- Inspiring Your Teams in Security - Security enforcement is the traditional way of thinking about security, in which security teams are set as a gate to pass before software is allowed to be released. Because of this, development teams see security requirements as hurdles to pass instead of valuable insights. With an attitude like that it’s no surprise that development teams aren’t excited to work with security.
- Getting to Yes - On Joe's recommendation, I recently read Getting to Yes, written by Roger Fisher, William Ury, and Bruce Patton for the Harvard Negotiation Project. The book is nearly thirty years old, but it has been continuously updated and it still contains lessons worth learning. Even more importantly, the book taught me an overall framework for thinking about negotiation that I can now use to improve both my personal and professional life.
- There Has Never Been a Better Time to Get Into Security - I just returned from the 27th Defcon security conference. I’ve been attending for the last 12 or so years and it has been interesting and fun to see the conference grow and mature. Once intimidating due to the homogeneous attendees, lewd contests, and a “Try Harder” mantra, it has now evolved into a great place to learn and meet new people.
- What About AI in Security? - I was recently asked to give a talk about the state of AI in the field of Cyber Security. As I put together my comments, I found myself wondering, as I often do when on this subject, why AI hasn't made a bigger impact on my field. I've been thinking about how to use AI techniques to improve security results for nearly two decades, and while the tooling and platform have gotten bigger and better, the impact I have been expecting has not yet materialized. Why is that?
We want this to be valuable to you and we’re working hard to deliver something that we think will help you understand the security landscape better. If there’s something we can do to improve, please let us know. If there's a topic you'd like us to cover, please send us your suggestions.
If you have any questions or comments, please don't hesitate to email us at newsletter@rethinksecurity.io
- Jason Taylor and Joe Basirico (J&J)