The challenge: Build a software security program rooted in a security-first culture

Tasked with building a software security program nearly from the ground up, Mathieu Chevalier, lead security architect at Genetec, understood one thing to be true: his efforts to bolster and grow his organization’s security program would require a trusted and proven strategy. Mathieu noted that the “main drivers [of his methodology] were to use a quantitative approach to establish a plan for what to focus on and to benefit from the experience of others that had already done so.”

At the start of his security initiative journey, Mathieu quickly identified Genetec as being “early in [its] software security initiative… with no software security team.” Understanding that getting a software security program adopted and followed would require more than policies and practices, Mathieu set out to foster an environment and culture in which security was prioritized.

The critical problem Mathieu faced was not only developing the program, but also finding a way to reinforce his strategy with proven methods and approaches. Essentially, he needed a way to validate his strategic decisions. He also understood the need to foster trust and belief in his software security initiative.