Welcome to November everybody!!! As mentioned yesterday, it's hard to believe where the time is going. One thing is for sure: the Cybersecurity Threat Landscape will always be changing no matter what, and will do so even more towards the end of the year and the 1st quarter of next year. Why do I mention these specific timeframes, you may be asking? Well, that is when Cyberattackers tend to come out more often.
The end of the year is Holiday Shopping season, so credit cards and debit cards will be much more at risk than ever before. The 1st quarter of 2021 is primarily tax season, so your Social Security Numbers will also be at grave risk, because the Cyberattacker can use them to file false tax returns and get your refund.
But even during these timeframes, another area that is in the crosshairs of the Cyberattacker is Web-based applications. Whether it comes to launching SQL Injection Attacks or DDoS Attacks, or simply replicating them into phony websites, this seems to be a very much favored target now. This is a topic that I have addressed before, and have even written an entire book on.
While the hardware that houses these various Web applications (such as the servers) may be safe, and the network communications between them are secure using a VPN and MFA, it is the source code that makes up these Web apps that is often very insecure.
In other words, as software development teams write and compile this code, security is often forgotten about. There are many reasons for this, which I have also written about before.
Some of the reasons for this include the enormous pressures to deliver the project on time and under budget. There are other technical reasons as well, such as using insecure APIs to serve as a bridge between the frontend (the client-facing part of the Web application) and the backend (which is usually the database that houses the Personally Identifiable Information [PII] datasets of both employees and customers alike).
But as much as the technical processes that software developers use can be blamed for the lack of security in the source code, believe it or not, so can the psychological processes. After all, they are human beings just like you and me, and are also very much prone to making mistakes, despite the system of checks and balances that they are supposed to be using. So, you may be wondering at this point, what are some of these areas of psychological concern?
Well, here is a listing of some of them:
*Software developers have to be focused:
Software developers have a lot on their minds, both personally and professionally. But no matter where the pressure comes from, the bottom line is that your developers have to be laser-focused on the tasks that they have on hand. Of course, one may think that it is simply source code that they are compiling, so who really cares, but there is a lot at stake here. For example, the Web application project could be worth millions of dollars, and if it is not done properly the first time, there could be a lot of finger pointing going on at launch time if things do not go well. Worse yet, your team may have to go all the way back to the drawing board and even redo parts of the project all over again. Therefore, to help mitigate this, perhaps divide your software development team into sub teams that are each focused on just one major component of the Web application in question.
*Try to keep your teams small in size:
Current research has shown that if there are a lot of software developers on your team, the chances of making mistakes (most likely unintentional in nature) are likely to rise dramatically. This often arises because of the sheer number of files that have to be transmitted, shared, QA checked, etc. But at the end of the day, your team size will depend upon how big a Web app project you are taking on. If it is indeed a large one, then of course you will need a large team. If this is the case, then once again subdivide your team to focus on only one or two major tasks. What is an optimal software development team size? A lot depends of course on the size of the project, but usually about 9-10 developers is a good enough size.
*Maintain the work-family balance:
Just like everybody else in their own respective professions, software developers also need to have that all-critical balance. Research has also shown that the average attention span for just one developer is about 11 hours, with breaks and a lunch period scheduled in between. IMHO, I think that this is way too long. Instead, have your teams work about 9 hours, and then let them devote the rest of their time to tending to personal matters. Yes, you are probably thinking that you want them to work all of the time so that you can get the project done before it is due and look good in front of the client, but this can have severe repercussions in the end. A well-rested software development team that is allowed to pursue interests outside of AngularJS and PHP will pay huge dividends in the end.
*Work normal hours:
Current research has also shown that the greatest attention span that software developers have is between 8 AM and 12 PM, with mental energy starting to wane at about 2 PM. It has also shown that the worst time for software coding is from 12 PM to around 8 AM. So in other words, have your team work a normal schedule during the business week. But with the Remote Workforce nowadays, give your team the option to work when they feel that they are the most productive, keeping in mind that there has to be time overlap with other developers on the team and with project deadlines. If you must operate on a 24 X 7 basis, then perhaps outsource the night hours to a software development team based in another country, where it would be daylight and normal business hours for them.
My Thoughts On This
Just as much as you want your team to have the technical expertise, you also want them to have the psychological traits to work under pressure, if needed. But you, being the Project Manager of your software development team, also have to make sure that they are working in an environment that is both conducive and comfortable for them, so that they can get their work done efficiently, with the fewest mistakes being made.
Finally, the last thing that is of paramount importance is to stress to your team the importance of checking the security of the source code that they are developing and compiling. I have written about this previously in other blog postings, but stay tuned . . . I plan to write a series of blogs in which this topic will get a deeper dive, along with the repercussions to you if you don’t test it.