Most of us never know who does the security testing for our development teams. Sometimes it’s an internal team, maybe external. Sometimes it doesn’t even happen at all. Some of us are building security testing into our current practices, from the ground up. Some managers may feel that there isn’t the time, skills or resources to do security testing. Many testers may feel they don’t have the skills.
A few of you might not feel empowered to take the lead. Inevitably, they might feel that they don’t need to worry about it, as it is someone else’s problem. And this is a serious dysfunction. Let’s look at the essential steps to build and execute your own security testing strategies. Let’s examine how learning and mentoring can aid in the development of strategies. You can and should build up your own skills with integrated security testing. This will ensure ongoing relevance of your role in a security context, and the success of your organisations.