A podcast on IT security and software development. In times of exponentially growing cyber threats and an ever-changing technological landscape, it is critical to consistently couple software development with all IT security requirements. In this podcast episode, we present insights from Vladyslav Cherednychenko, the Head of IT Engineering at About You, one of Europe’s largest eCommerce platforms for fashion.
The digital transformation is forcing every organization to rethink the way they have been working up to now. This can only be achieved through a comprehensive transformation process to become more agile as an organization in order to be able to react quickly to cyberthreats and the increasing number of requirements in software development.
Why you absolutely should not miss this podcast:
- Integrated Cybersecurity Approaches: We discuss why cybersecurity should be incorporated into the software development lifecycle from the beginning and the benefits that can be gained.
- Industry Insider Knowledge: Learn how cybersecurity and software development experts are shaping the industry from our exclusive “SecureCode Talk” podcast interview and real case studies.
- Applicable IT Security Strategies: Our podcast interview provides a clear action plan for adopting security-focused development practices.
- Current Technologies and Approaches: Discover the latest trends in cloud computing and how they are helping to develop more secure software solutions.
- IT Security Pain Points and How to Avoid Them: We identify the most common mistakes when incorporating cybersecurity practices into software development and offer solutions.
- Compliance and Legal Requirements: How to easily incorporate compliance and legal requirements into software development. We present a proactive approach to cybersecurity and help identify ways and solutions to avoid legal pitfalls.
- Business Benefits: Learn how cybersecurity not only minimizes risk, but also drives business growth and ROI (return on investment).
Whether you’re a software developer, IT security expert, or business decision maker, this podcast episode will provide you with a comprehensive look at why and how IT security should be an inseparable part of software development. With the increasing threats in the digital world, can you afford not to listen to this podcast?
About the Expert
Vladyslav’s journey into the world of IT security began in Ukraine, where he earned his bachelor’s degree in data protection and security.
Initially starting as a DevOps engineer, he transitioned into cybersecurity, eventually completing his masters in the field.
With over five years of experience at About You, he climbed the ranks to become the Head of Information Security Engineering.
About You: More Than Just an eCommerce Platform
About You isn’t just a retail destination; it has a dual business model. Aside from its retail wing, the company has a Software as a Service (SaaS) business model called ‘Scale,’ where it offers its backend infrastructure to other eCommerce platforms. With an expertise in handling high-load systems and providing a stable eCommerce experience, About You has already acquired several customers for this service.
Why is IT security so important in software development?
Cyberthreads – The number of drastic cyber attacks is increasing rapidly!
The relevance of cybersecurity has reached a new peak in the recent past. There has been a surge in cyberattacks, with a specific increase in extortion software attacks. Organizations of all sizes and from all sectors face the increasing risk of becoming the target of such attacks, having to pay large ransom sums, and suffering irreparable reputational damage.
Normative challenges and customer expectations
Not only are European authorities enforcing stricter regulatory frameworks such as the General Data Protection Regulation (GDPR), but B2B customers also expect more than ever that their partner companies can demonstrate comprehensive and certified security measures.
The question of cost efficiency
Contrary to popular belief, the long-term investment in a competent IT security team is far more cost-effective than the financial and reputational losses that a cyberattack can cause. About You has invested in preventive security measures from the very beginning. This is not just about using common practices such as penetration testing. Rather, it’s critical to create a company-wide understanding and awareness of the importance of IT security and ensure that security strategies are ingrained in all teams.
Hear more about this important IT security topic in our latest podcast episode, where we dive deeper into the intersection of software development and IT security, and an IT expert provides you with valuable insights. This podcast episode provides an essential perspective for anyone working in the world of software development who wants to develop secure software products, digital services and services.
How About You Handles IT Security: A Structured Approach
IT Security Team Composition
The company has a centralized IT security team comprising around 10 experts, with plans to expand further. This team is organized into four key circles:
- Application Security: This circle is responsible for internal penetration testing and code reviews. They assist other development teams in writing secure code.
- DevSecOps: This circle integrates security into the development processes. They employ tools that ensure both the applications and infrastructure remain secure.
- Governance, Risk, and Compliance (GRC): This circle ensures that the company meets all the external compliance requirements. They are regularly involved in audits and communicate the company’s security posture to potential B2B clients.
- Incident Response: This circle is specifically tailored to monitor infrastructure for any malicious or unusual activities and to act upon them.
Shared Responsibilities for IT Security
While each circle has its subject matter experts, there are some shared responsibilities, like incident response, to ensure that the entire team can act in case of an emergency.
Overlooking IT security is a perilous mistake that companies can’t afford anymore. At the end any organization needs to align their IT strategies to focus on security as a priority, taking a leaf from About You’s structured and comprehensive approach to managing IT security at scale.
If you are looking to bolster your IT security, it’s not just about having measures in place, but about having a continually evolving strategy to deal with an ever-changing threat landscape. After all, the safety of your company—and your customers—depends on it.
The Importance of IT Security in the Software Landscape
The cyber threat landscape is constantly evolving, with the number of cyberattacks, especially ransomware, reaching new highs year after year. As the potential costs associated with cybersecurity incidents continue to skyrocket, About You has invested heavily in security from its early days. This is not just to comply with regulatory requirements like GDPR but also to meet the security demands of B2B clients and safeguard the company’s reputation.
Challenges and best practices for IT security in software development.
Identifying and managing security risks Teams responsible for IT security must continuously balance accurately identifying attackers without hindering legitimate users. Agile development approaches and innovative security tools are critical to achieving a balance between user experience and robust security mechanisms.
Transparency of the IT system landscape
To effectively defend against threats, a deep understanding of one’s IT infrastructure is essential. Vladyslav advises a multi-tool strategy approach to ongoing monitoring, automated using diverse techniques from both the defender’s and attacker’s perspectives.
In the fast-paced digital world, integrating IT security into the software development process is not a freestyle, but a must. Tactics for efficient risk identification, incident response plans, and complete system visibility are critical for any organization to protect both tangible and intangible assets. The trick is to combine stringent security measures with a frictionless user experience – a goal that companies like About You continually strive to achieve.
Learn more about these essential software development topics now in our latest podcast episode. We speak with an experienced IT security engineering expert and provide in-depth insights into the overlapping areas of software development and IT security. This podcast is a must-hear for anyone interested in secure and efficient software development.
Leave A Comment