
The journey to AppSec gold: Lessons we can learn from the Olympians


August 15, 2024


The 2024 Olympics are in full swing, and everyone at Snyk is excited to tune into the games and cheer on our respective countries’ athletes. There’s a lot to love about the Olympics — dazzling opening ceremonies, heart-racing feats, close-call victories, and so much more. But along with all the fun and excitement comes a sense of inspiration. Hearing stories about how athletes train for years and stay focused amid ups and downs can encourage us, mere mortals, to persevere in our respective work, hobbies, and passions. 

The Olympic athletes’ training journeys remind us that gold medal wins don’t just happen at the games. They start with the everyday consistency of getting up and training hard. It’s a lesson we can take to many areas of our lives, including application security. In the same way that Olympians must put in years of consistent training, it takes a lot of consistent hard work, focus, and perseverance to “win” at AppSec. 

But where are the best places for teams to put their focus and consistency? In honor of the Olympic games, let’s cover a few of the “training areas” that can catapult teams forward on their journeys to AppSec gold.

Building a winning team with developer collaboration

Just as the best athletes need the support of coaches and teammates to succeed, application security requires teamwork. The best AppSec programs are collaborative partnerships between security and development teams. 

To foster stronger developer collaboration, security teams can start by working with — not against — existing workflows. Integrating seamlessly into developers’ preferred ways of working can look like in-line scanning and fixes, practical remediation advice, and support for emerging technologies like AI-generated code security.

The most important thing in the Olympic Games is not winning but taking part.

– Pierre de Coubertin (founder of the modern Olympic Games)

Remembering the “why” with an asset-first perspective

As Olympians prepare for the games, they must also remember the big picture “why” behind their grueling training days: continuous improvement. In the same way, application security teams need the proper perspective to achieve success. There’s no such thing as perfection in the Olympics or in security; it’s all about getting better with every training session and every line of code. Often, that means prioritizing certain focus areas, like speed or agility.

Today’s security teams will see the most AppSec progress when they view vulnerabilities from the perspective of which assets they affect and the level of associated risk. Vulnerability counts based on CVSS often don’t tell the whole story: they leave out where a vulnerability is located and how risky it is to the organization’s bottom line. An asset-first perspective on risk fills in these context gaps. By finding and fixing vulnerabilities based on their locations, teams can concentrate on the fixes that matter most and avoid accidentally breaking other parts of the application during remediation.

In the midst of an ordinary training day, I try to remind myself that I am preparing for the extraordinary.

– Shalane Flanagan, American long-distance runner and Olympic medalist

Honing your security skills and techniques with the right intelligence

Training for the Olympics also requires honing the right skills and techniques over time. Athletes often lean on their coaches and mentors to help them see what they themselves can’t see in the mirror. Similarly, security teams must find the right sources to gather data on the latest vulnerabilities and risks. 

It’s essential to use accurate and up-to-date information from a mix of public sources, developer communities, and expert research. It is also a good idea to use technology such as human-in-the-loop AI to quickly identify the most pressing vulnerabilities and find the most effective fixes.

Improve your technique or skill level. Be a student of the strategies of your game, whatever they are.

– Bob Bowman, Michael Phelps's coach

Snyk’s gold-medal approach to application security

Winning at application security requires consistency—implementing the right practices and doing them well repeatedly. Snyk helps organizations do just that by providing risk-based application security solutions that integrate seamlessly into modern development workflows. 

Find out more about how our application security posture management (ASPM) solution helps teams go above and beyond and achieve gold medal-worthy AppSec.
