
Developers Need Two Things: The Nexus Platform and a Full Pot of Coffee

 

Three days after Uber’s epically bad cyber incident, I saw a LinkedIn post that featured their many new job openings in security. Like others who picked up on it, I found this funny, but not necessarily in a “haha” way; it was more like schadenfreude. It’s not that I was happy about how the attack would affect Uber’s users; it was more about watching yet another company suffer the consequences of failing to invest in proper security measures before something bad happened.

Investing in security only after an attack is a pattern common among small and large companies alike. I’ve personally worked in three different security fields–national, data, and software supply chain–and have noticed one constant that permeates all three: the most difficult part of working in security is making people care about security before an embarrassing cyber incident occurs.

Why does cyber security get left on the back burner? 

To start, it represents a common aspect of many parts of our lives. We have limited time and money, so we prioritize things that we feel are the most important. Sometimes we have the foresight and ability to prioritize things that will be important in the future. Still, we often prioritize things right in front of us at any given moment.

It’s bad enough when this happens personally, but what happens when a company approaches the security of its software supply chain with this mindset? Uber’s reaction is one of many possible results. 

Sadly, Uber is not the first organization, nor will it be the last. It goes all the way to the top, as illustrated by the United States government reacting to the huge SolarWinds hack by appointing new cybersecurity officials.

Log4j is another example. Despite being one of the worst bugs in (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Austin Bradley. Read the original post at: https://blog.sonatype.com/developers-need-two-things-the-nexus-platform-and-a-full-pot-of-coffee