Hacker News new | past | comments | ask | show | jobs | submit login

Why aren't there Security Process Engineers (SPE)? I was recently waiting on a massively delayed flight and observed three instances where employees left the computer behind the check in desks unlocked. I'm sure these computers checked off all the requirements for having a firewall turned on, anti-malware software, auto-updates turned on, etc. But the front door was left wide open because the employees were forced to move between their counters and the actual jet bridge. Since they get penalized for late flights, but not for security breaches it seemed as if they didn't care. This would be where a SPE would come in and propose something to remediate the process failure.



There are certainly this type of thing out there.

SSI or software security initiatives, when given greenlights based on buy in from governance can introduce secure processes.

But before this happens to any meaningful level, risk based anaysis should prove it is cost effective. Guess what those analysis say?




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: