How to Shift Left and Increase Long-Term Efficiency

  • Planning: The senior members of the team decide how to approach the project.
  • Defining: The team defines what it needs to finish the product in an SRS (Software Requirement Specification) document. The customer or market analysts review it and, if satisfied, approve it.
  • Designing: Using the SRS, the team develops a DDS (Design Document Specification). A DDS maps out the architecture of the product and is reviewed by all stakeholders.
  • Building: The developers build the product.
  • Testing: The developers test for, find, and fix product defects.
  • Deployment and Maintenance: The company releases the product to market, possibly in stages. They then maintain the product as needed.
  • Governance accompanies Planning: The team develops a security plan. Developers are trained on securing code.
  • Design accompanies Defining and Designing: The team identifies potential risks and designs security features to prevent hackers from taking advantage of them. For example, let’s say a hacker tries to brute-force a password by entering several common letter and number combinations. The team could design a lockout feature that blocks someone from accessing an account if they enter an incorrect password five times in a row.
  • Implementation accompanies Building: Implementation ensures developers build software in a standardized, repeatable way. During this phase, the team will also specify how bugs are collected, recorded, and analyzed.
  • Verification accompanies Testing: This stage defines how a company performs security testing. Teams will typically use a combination of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools.
  • Operations accompanies Deployment and Maintenance: This stage defines how an organization responds to security threats or breaches and how it will continue to maintain app security after the product hits the market.
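The lockout feature described under Design above is a good example of a control that is cheap to build in at design time and expensive to retrofit. The following is an added example, not code from the article or from HackEDU: it locks an account after five consecutive failed logins (the number the article uses), makes the lock expire after an assumed 15 minutes (the article does not give a duration), resets the failure counter on a successful login, and does the same password-hashing work for unknown usernames so that response timing does not reveal which accounts exist. The `LoginGuard` class, the PBKDF2 parameters and the sample credentials are all constructed for the demo.

```python
"""Account lockout after N consecutive failed logins (added example, not the article's code)."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

THRESHOLD = 5              # failures in a row before lockout (value taken from the article)
LOCKOUT_SECONDS = 15 * 60  # assumed: the article does not say how long the lock should last
PBKDF2_ROUNDS = 100_000    # assumed iteration count for the demo


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; never store or compare plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    consecutive_failures: int = 0   # reset on success and when a lock is applied
    locked_until: float = 0.0       # monotonic timestamp; 0.0 means not locked


class LoginGuard:
    """Tracks failed logins per account and enforces a temporary lockout."""

    def __init__(self, threshold: int = THRESHOLD, lockout_seconds: float = LOCKOUT_SECONDS):
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self.accounts = {}
        # Salt used to hash attempts against unknown usernames, so that the
        # code path (and its timing) is the same whether or not the user exists.
        self._decoy_salt = os.urandom(16)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[username] = Account(salt, hash_password(password, salt))

    def attempt(self, username: str, password: str, now: float = None) -> str:
        """Return 'ok', 'denied' or 'locked' for one login attempt.

        `now` is injectable so the lockout window can be tested without sleeping.
        """
        now = time.monotonic() if now is None else now
        acct = self.accounts.get(username)
        if acct is None:
            hash_password(password, self._decoy_salt)   # same cost as a real check
            return "denied"
        if now < acct.locked_until:
            return "locked"                              # lock still in force
        if hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            acct.consecutive_failures = 0                # a success clears the streak
            return "ok"
        acct.consecutive_failures += 1
        if acct.consecutive_failures >= self.threshold:
            acct.locked_until = now + self.lockout_seconds
            acct.consecutive_failures = 0                # streak restarts after the lock expires
            return "locked"
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard()
    guard.register("alice", "correct horse battery staple")   # constructed demo credential
    for pw in ["x", "y", "z", "w", "v"]:
        print(pw, "->", guard.attempt("alice", pw))
    print("right password while locked ->", guard.attempt("alice", "correct horse battery staple"))
```

Two design choices are worth noting. The lock is temporary rather than permanent, so a flood of bad passwords against a known username denies the legitimate owner access only for the lockout window rather than until an administrator intervenes. The method distinguishes `locked` from `denied` so the event can be logged and alerted on, but the message shown to the end user should be the same generic failure in both cases so the login form does not confirm which usernames exist.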
Co-founder and CEO of HackEDU. Previously a CISO. 15 years in cybersecurity.
