Security trainer Jim Manico from Anahola, Hawaii-based Manicode Security recently was about to teach a class of developers. First to speak was the multibillion-dollar firm’s CEO: “Look, developers, when you’re faced with revenue versus security, we’ve always traditionally said go push revenue. In 2016, that’s over. I want you to prioritize security over revenue.”
Manico says the CEO’s preamble was a shock to his system. “Boards and C-level executives are now accountable,” Manico says. “They’re seeing executives get fired. They’re finding religion because they have to.” Such a mentality is the characteristic of successful security programs, he adds.
And this is not just by accident, Manico says. “They have board and C-level sign off around decisions of financial expenditures. Management must get board buy-in when asking for huge sums of money to pay for cybersecurity strategies.” It’s the difference, he adds, between doing security haphazardly or really committing to it.