Jacob DePriest, VP and Deputy Chief Security Officer at GitHub
“Trust and security are table stakes for every industry, and it’s crucial for businesses and their security teams to remain vigilant as they navigate this complex threat landscape. I firmly believe that we can continue to make significant software security gains with a focus on the following key pillars.
Security teams across companies need to work in close collaboration with engineering and product teams to protect against and react quickly to new threats. With threats becoming more varied and complex, we also need to see more diverse workforce hiring within security teams to combat these. This will ultimately lead to a stronger security culture, closer integration with engineering, and faster innovation to combat attacks from malicious actors.
Security leaders should seek opportunities to build an environment where the security team is a trusted partner to the business while prioritizing open, transparent communications around security events. That partnership should also extend outside of the organization across the public-private sector, in support of shared security goals and the open source developers behind the software we all rely on. Additionally, driving consumer and B2B awareness of the importance of good cybersecurity practices is essential. CSOs speaking publicly about their approaches to better security and security team members sharing their best practices with partners, peers, and customers will only lead to more brand and partner trust.
Finally, looking ahead, we’re going to see AI ushering in a new era of security, which will fundamentally change how we prevent vulnerabilities from occurring in code. For all the talk of “shifting security left”, there’s no better way to do that than what we’re seeing with the AI-assisted pair programmer right in the IDE. While it’s early days in this space, tools like GitHub Copilot are helping to ensure the code developers are writing is safe and secure in real time, holding some of our most promising opportunities to secure code from the start.
