No. The principle applies to the structure of the organization and its culture in the same way as to its software.
Walking skeleton comes from software engineering, yes, that’s where I picked it up. But I intended it as a more general metaphor.
In the same way that it is difficult to add security into a software that never had it, so is it difficult to add a security mindset to a workforce that never had it. The relevant touch points are missing everywhere. HR doesn’t know what to look for, it’s not an interview topic with sufficient depth, nobody asks you to assign a strong password, pen tests are done superficially because no one knows all the endpoints to test etc.
You have to start talking about this from the start and grow all of them as you go.