TL: Because more and more business risk is tied to technology risk, it’s important for all business leaders to have a correct understanding of technical debt—what it is, what causes it and the potential security implications—so that they feel empowered to ask questions about it.
If your organization prizes automation and speed, you’re likely acquiring technical debt. So, you want to make sure it is acceptable debt.
The right kind of technical debt increases the speed and agility of your business. The wrong kind of technical debt will needlessly expose your organization to increased security risk. Talk about this distinction as a leadership team. The business priorities you emphasize drive the behaviors that keep technical debt under control, or conversely, cause it to mushroom.
The C-suite needs to support the CISO in making sure that developers and others involved in software projects have the best current knowledge about security. Have you trained your programmers to do secure coding? Are you striving to include as much automated security testing as possible in your CI/CD process to enforce security best practices?
Leadership—the C-suite—needs to set the right tone for developers regarding the importance of IT security. Developers will do what leaders reward. If you are rewarding speed over security and code quality, you may be increasing your organization’s cybersecurity risk.
As a leader, you can influence your organization to do the right thing.