From the course: Introduction to Product Security
What is product security?
- Product security was always a mystifying domain to me. I thought it was just a new buzzword in the cybersecurity industry to make job titles sound more appealing. Turns out product security fits its name very well, and there's an entire community of product security professionals that connect and share ideas. I am hoping the information provided to you in this course will give you everything I needed when I made my transition into product security.
There is a lot of overlap between product security practices and the more traditional practices of cybersecurity. On occasion, you'll see a social media debate on whether cybersecurity is more technical than the information security space. For the sake of this course, to ensure we're learning from the same perspective, information security is the most broad umbrella. Product security, cybersecurity, and GRC make up the information security umbrella. Specific specializations like pen testing, application security, compliance, and incident response fall into the cybersecurity, product security, or GRC buckets. We'll be comparing many cybersecurity concepts and specialties to those in the product security space.
Here is what we'll be covering in this course. In simple terms, product security refers to the strategies and methodologies used to protect products from threats. These threats include, but are not limited to, unauthorized access, abuse, information disclosure, disruption, modification, or destruction. Examples of products can include software applications, operating systems, network services, or any other technology that stores, processes, or transmits data. Understanding product security is about recognizing that any technology product can be vulnerable to threats, and, with the right strategy, can protect the asset and its customers. All products are vulnerable to threats, especially products with third-party integrations and infrastructure hosted elsewhere, which can be key entry points for attackers.
Product security does not only involve technical aspects of securing the product, but includes regulatory and legal compliance. When working with products that handle sensitive information, product security professionals need to ensure that the product complies with industry standards and regulations to protect customer data and user privacy. With the rapid evolution of the threat landscape, it's important for product security professionals to stay vigilant when ensuring the confidentiality, availability, and integrity of products. We will be discussing a wide range of these topics, from threat modeling and secure development to what a PSIRT is and how it compares to cybersecurity incident response life cycles. The ultimate goal of a product security team is to enable the resilience of a company's products against inevitable threats while maintaining the trust and loyalty of their customer base.