To be effective at security, we embrace these philosophies:
- Protect the organization. The primary goal of your security efforts is to enable it to operate safely now an in the future.
- Collaborate with external organizations. Within the security community there is constant sharing of information between organizations, including education about new security threats and new mitigation strategies.
- Work closely with teams. Security engineers will be invited to work with teams throughout your organization to review their work for security concerns at the earliest feasible moment and in some cases to help them to secure critical aspects of their work.
- Transfer security skills and knowledge. Providing people with coaching and training in security will help to build security awareness within your organization. Security training should be provided to all members of your organization, with deeper training and education provided to IT staff who are directly involved with development or operations of secure systems.
- Holistic security. Your security efforts must address the production of your people; your intangible assets, such as corporate data and intellectual property (IP); and your physical assets such as buildings and vehicles.
- Common security infrastructure. Security engineers will help teams to identify and adopt appropriate security procedures, tooling, and technologies. They will also develop and evolve security guidance for your organization.