Security is hard. It's worthwhile to read about various attacks to understand the magnitude of ways in which stuff is attacked.
Your system will be breached. Mitigation strategy is as important as the "wall".
A system is never "secure"; you can only balance security goals with current risks and available resources.
Privacy is inseparable from security. Even if you're irresponsible and don't care about your users, the attackers will.
Security becomes harder as the data becomes more valuable. Most systems are really only secure because nobody really wants the data they store. As a company becomes successful, the attackers will come.
Security is a moving target. You are never done implementing security.
User security is as important as corporate security.
Being open about security is the only way to know it's correct. There is no security through obscurity.
Everybody is responsible for security. Every person and every machine is a potential attack vector.
Kim Arnett [she/her] leads the mobile team at Deque Systems, bringing expertise in iOS development and a strong focus on accessibility, user experience, and team dynamics.
Practical advice:
Do you have any books or suggested reads on various attacks?
I follow these two guys on Twitter: [@Scott_Helme](https://twitter.com/Scott_Helme) and @troyhunt. They're a source of lots of security articles, research, breaches, etc. I try to keep up on recent events, and do a deep dive in the web whenever a concept/term comes up that I don't know.
Awesome! Thanks!!