Abstract
Application security has become increasingly important as organizations digitally transform and rely more on software to operate. However, balancing security with competing development priorities such as speed and new features presents ongoing challenges for program managers responsible for overseeing application projects. This study explored the perspectives of 10 cybersecurity program managers through interviews to understand their approaches to security governance and the common obstacles they face. Key challenges included persuading developers focused on rapid delivery to also consider threats, limited security testing resources, and difficulty prioritizing among risks. However, establishing security requirements early in planning and integrating validation checks directly into workflows helped shift security left. Close collaboration between functions, together with leadership support for proper training and staffing, also aided prioritization. While generalizability was limited, data saturation was reached on the major themes. Establishing security guidelines upfront, aligned with established frameworks, proved effective, yet deeper cultural changes may still be needed at firms resistant to oversight. Metrics and skills shortages also require attention. The research validated the pivotal role of program managers and provided insights into both barriers and effective practices, with implications for process improvements and leadership support to strengthen application defences.
Publisher
International Journal of Innovative Science and Research Technology