Unsung Heroes of Cybersecurity
This is a writing sample from Scripted writer Francisco Krishnan
Security teams are the rarely thanked defenders of today's digital lifestyles. In peak performance, they are invisible. Only when problems arise do people tend to take notice.
Think of a day when a company's security was greatly enhanced. It may have been as routine and boring as it gets. In the morning, 3 more patches that were released were immediately applied to load balancers, a database, and of course Adobe Flash. In the afternoon, a pen test result comes back with 1 minor severity vulnerability on a test server - a cross-site scripting issue that is confined to test data. That saved time goes to fix a vuln where any self-signed certificate was allowed in the mobile app - a much greater concern.
When a competitor's app fell victim to a man-in-the-middle attack for the same reason, that proved to be the right decision.
The security team properly triaged its own time, focusing on severe vulnerabilities first.