Good coding defines secure software, said Glenn Kapetansky. Its opposite — bad coding — is inherently "unsecure," said the chief security officer and technology capability lead at Trexin Consulting during an episode of the CISO Stories podcast.
That distinction can be defined by agile development and what has been called “adaptive development learning,” but back when Kapetansky worked at Bell Labs, it was instead regarded as the Systems Development Life Cycle (SDLC) — or simply “tricks for getting things done.” The core principle then and now remains the same: when you set out to deliver something, you need to be adaptive.
“If you don’t have enough time and money and resources, then you have to nimbly step through the best decisions you can and be willing to change them daily,” said Kapetansky. “If you don’t pay attention to the software development environment, then you’re missing truly a major part of your security profile.”
Kapetansky has worked in diverse industries such as healthcare, finance, energy, consumer products, and telecommunications. His current focus areas at Trexin Group are agile management, data protection, and audit/regulatory compliance.