How can product managers ensure their IT team prioritizes security?
This is a new type of article that we started with the help of AI, and experts are taking it forward by sharing their thoughts directly into each section.
Security is a crucial aspect of any software product, but it can often be overlooked or deprioritized by IT teams that are focused on delivering features and meeting deadlines. As a product manager, how can you ensure that your IT team values security as much as you do and implements best practices to protect your product and your users? Here are some tips to help you foster a security-conscious culture and collaboration among your IT team.
The first step is to communicate the security vision and goals for your product clearly and consistently to your IT team. Explain why security is important for your product, your users, and your business, and how it aligns with your overall product strategy and value proposition. Use concrete examples and scenarios to illustrate the potential risks and impacts of security breaches, and how they can be prevented or mitigated by following security standards and guidelines. Make sure your IT team understands the security requirements and expectations for your product, and how they will be measured and evaluated.
-
Prem P.
Results-Driven Professional | User Acquisition | Growth Strategies | Product Optimization
The security vision should be communicated in simple and clear terms that everyone can understand, regardless of their technical background. Avoid jargon and complex terminology. Leadership should lead by example. Executives and managers need to champion security practices, which sets the tone for the entire organization.
-
Rohit Mangal
Director Product at Zee Entertainment Enterprises Limited
Security often takes a back seat in normal BAU, since this is one activity/task which is not adding to the top line. However, be sure that it takes only one false shot or one good bowl for a wicket to fall, no matter how good the batsman is or how many big shots one has played. Remember, for a sustainable product, it's a TEST match and we need to be fool-proof/secure so as not to endure any whiplash for just one miss. Hence, security has to be a priority for a sustainable product.
The second step is to involve your IT team in security decisions and planning, and make them feel part of the solution, not the problem. Solicit their input and feedback on security issues and challenges, and listen to their ideas and suggestions. Encourage them to share their knowledge and expertise on security topics, and provide them with opportunities to learn and grow their security skills. Recognize and reward their security contributions and achievements, and celebrate their successes. Make security a regular topic of discussion and review in your meetings, reviews, and retrospectives, and foster a culture of continuous improvement and learning.
-
Prem P.
Results-Driven Professional | User Acquisition | Growth Strategies | Product Optimization
IT staff can identify and assess potential security risks and vulnerabilities within the systems and applications they manage, helping to proactively address security concerns. They understand the interconnectedness of systems, applications, and data flows. Their involvement ensures that security decisions consider the full scope of the organization’s digital landscape.
-
Lilith Wecker
Product Lead | Product Strategy, Innovation, Discovery, UXR
One of the biggest challenges to building secure and sustainable product infrastructure is the lack of IT involvement in strategic and roadmap discussions. This can lead to a disconnect between the product vision and the technical realities of implementing it, which can create security vulnerabilities. IT involvement is essential for informed decision-making. Also, early collaboration leads to better outcomes. Engaging IT early on in the product development process helps to ensure that security is considered throughout the lifecycle, rather than as an afterthought.
The third step is to provide your IT team with the necessary tools and resources to implement security effectively and efficiently. Provide them with access to security tools and platforms that can help them automate, monitor, and test security aspects of your product, such as encryption, authentication, authorization, logging, auditing, scanning, etc. Provide them with security guidelines and checklists that can help them follow best practices and avoid common pitfalls. Provide them with security training and education that can help them stay updated and informed on security trends and standards. Provide them with security support and assistance that can help them resolve security issues and incidents quickly and smoothly.
-
Luca Chisholm
Senior Technical Consultant at Cocentric
Often this is a crucial part of the security by design principle that can be missed. Resource for security can sometimes be hard to secure as it doesn’t always immediately translate into sales, however setting yourself up for success with core security technology and platforms ensures that your product can be built from the ground up with security at its core. Reputation can be everything and to have a starting reputation as a safe and secure product can translate into continued long term success.
-
Prapti Jain
Fintech & AI Product Manager - IDfy | Juspay | ISRO
With time, attackers are evolving and getting smarter too. To be able to fight any potential attacker, an entity we do not even know of, we should be able to put our best foot forward. It is crucial to invest in the best technology and practices to ensure that our teams are equipped with the best weapons and ready for any such threats. This becomes even more critical for organisations dealing with sensitive data.
The fourth step is to collaborate with your IT team on security testing and validation, and make sure that security is integrated into your product development lifecycle, not treated as an afterthought or a separate phase. Work with your IT team to define and prioritize security tests and validations for your product, and ensure that they are performed regularly and thoroughly. Review and analyze the security test results and feedback, and identify and address any security gaps or vulnerabilities. Incorporate security feedback into your product backlog and roadmap, and ensure that security fixes and enhancements are delivered promptly and effectively.
-
Imran Alam
Product Manager at bKash Limited | Linkedin Top Voice in Product Management
Collaborating effectively with the IT team on security testing and validation, particularly through Vulnerability Assessment and Penetration Testing (VAPT), is crucial in modern product management. Regular meetings and information-sharing help identify potential security vulnerabilities early on, allowing for proactive mitigation. Another critical aspect is integrating security into the product development lifecycle from the outset, ensuring that security checks are not an afterthought but an integral part of the process. Involving automation tools and scripting for VAPT can streamline and accelerate the testing process, making it more efficient.
-
Lee T.
ICT Manager | IT Operation, Security, Infra & App Management | Business Transformation,Implementation & Deployment | Prince2, PMP, ITIL Service Strategy, Transition, Operation & Design | BA - BIS
By integrating security into the product development lifecycle, you're taking a proactive approach rather than treating it as an afterthought. This approach helps in identifying and addressing security concerns early in the development process, which is both cost-effective and crucial for maintaining the trust of your users. Defining and prioritizing security tests and validations with the IT team is a vital step. This ensures that you focus on the most critical security aspects specific to your product. Regular and thorough testing is essential to keep up with the evolving threat landscape. Reviewing and analyzing security test results and feedback is where you can identify vulnerabilities and security gaps.
The fifth step is to empower your IT team to own security, and make them accountable and responsible for the security of your product. Delegate security decisions and actions to your IT team, and trust them to make the right choices and execute them well. Avoid micromanaging or overruling their security judgments, and respect their autonomy and authority. Support and enable them to make security trade-offs and compromises, and balance security with other product objectives and constraints. Encourage and expect them to report and escalate security issues and incidents, and to communicate and collaborate with other stakeholders on security matters.
-
Abdallah Mortada
Product Management matters (not SaaS)
The IT team is the front line of defense against security threats. Product managers can help to ensure that the IT team prioritizes security by empowering them to own security. This means giving them the authority to make decisions and take action to protect the product. It also means providing them with the resources they need to do their job effectively. Here are some specific things that product managers can do to empower the IT team to own security:
- Create a security council that includes the IT team.
- Provide the IT team with the authority to make security decisions.
- Provide the IT team with the resources they need to do their job effectively.
- Support the IT team in their efforts to keep the product secure.
-
Prapti Jain
Fintech & AI Product Manager - IDfy | Juspay | ISRO
When you foster a culture where system security is a non-negotiable aspect and not just another 'compliance requirement', you are helping to establish a culture where the IT and infra teams will be encouraged to take ownership with authority.
The sixth and final step is to lead by example on security, and demonstrate your commitment and support for security in your own actions and behaviors. Model and uphold security values and principles, and show your IT team that you care about security and take it seriously. Follow and enforce security policies and procedures, and comply with security standards and regulations. Educate and advocate for security among your users, customers, and partners, and promote the security benefits and features of your product. Acknowledge and learn from your security mistakes and failures, and strive to improve your security performance and outcomes.
-
Prem P.
Results-Driven Professional | User Acquisition | Growth Strategies | Product Optimization
Sharing real-world examples of security breaches and their consequences to illustrate the importance of security, case studies of organizations that suffered security breaches and how they could have been prevented and keeping the security vision up-to-date to align with evolving threats and technology - these measures greatly contribute to the security strategy of an organisation.
-
Prapti Jain
Fintech & AI Product Manager - IDfy | Juspay | ISRO
Your actions mirror your views. If you wish to set up a culture where security teams are equipped and own their pieces, it is important that you show the same through your actions by respecting and understanding the requirements and not just 'pledging', but also implementing the same.
-
Prem P.
Results-Driven Professional | User Acquisition | Growth Strategies | Product Optimization
Some initiatives that could help:
- Conducting security drills and exercises to ensure employees know how to respond in case of a security incident.
- Frame security discussions in terms of business risks and impacts to help executives and stakeholders understand the business case for security.
- Establish channels for employees to report security concerns or suggest improvements, fostering a sense of ownership.
-
Tony Pagliocco
Chief Product Officer at RAI Digital | Ex-Boeing ✈️| Ex-Hasbro 🕹| Gartner Product Management Community Ambassador 🎓| Agile Evangelist & Data Driven Leader of Best-in-Class Product Teams 👍
It is important to remember that working around areas like security. It needs to be something baked into the DNA of every person working on the team and on the product. Too often we focus on aspects of design and implementation that end up leaving out main holes in areas because they’re not driven into the culture. I think that having a solidalt of clear definition of done and acceptance criteria big into each user story helps allow security to be remembered across multiple dimensions besides just IT.