I wouldn’t want to be a developer these days

Are you a software developer? If so, I don’t envy you.  Of all the possible positions working in and around IT, you’ve arguably got the toughest one. I’ve witnessed it over the years while performing my own security assessments as well as hearing about it from friends and colleagues who are developers. You’ve literally got people coming at you from every angle:

Information security staff are testing your apps every month calling your baby ugly
Internal auditors are asking why certain security gaps have not been addressed
Compliance managers are telling you that you’re violating company policy
Sales and marketing reps are requesting more security features to “wow” their customers
Tech support staff are relaying messages from customers about all the security features getting in their way
Business partners and customers are inundating you with their 50-page security questionnaires asking if SSL is used, servers are being patched, and firewall rules are audited periodically
Executives are asking you and everyone else “What’s this security thing you speak of?”

These people want answers – now. They’re often distracting. They’ll bug you. No, they’ll badger you until you tell them what they want to hear or until you come up with a “fix”. Sure, there are reasons behind all of this. Some good, some mindless. Either way, it’s got to be tremendously difficult to manage.
On (continue reading...)