A Good Defense Wins Every Game


Publish Date

Feb 6, 2019

Written by

Andrei Bezdedeanu

Tagged with

  • DevSecOps
  • Get Started with DevSecOps
  • Security strategy
  • Super Bowl

The New England Patriots just won their sixth Super Bowl. It was the lowest scoring Super Bowl in history—the fewest combined points, the lowest-scoring first half in 44 years (3 points), the most time elapsed without a touchdown—and certainly not a very exciting one. Defenses prevailed in this historic game. The Patriots’ defense was outstanding for the entire game, never allowing the Rams’ high-powered offense to even enter the Red Zone.

Just like in football, a company’s security posture is best managed with a strong defense. Good coaching, studying the opponent’s offensive strategies and understanding their attack patterns will result in a winning game plan. You can develop a proper security strategy by knowing your critical assets, performing early threat modeling and understanding the potential attackers and their motives. Once you have your game plan, you need to execute: from basic fundamentals to blocking and tackling on every play; from static analysis on every code commit and build, to composition analysis and dynamic testing of the deployed components. Football is a team sport, and security is everybody’s business, from developers and engineers to security, audit and risk teams, all the way to the C-Suite. Practice with pen tests, special (Red) Teams, and never let go of good practices and fundamentals. Play like a winning Super Bowl team every day.

As Coach Belichick would surely say, “Do Your Job.”

PS: If you haven’t seen it yet, be sure to watch my latest webinar, “Getting Started with DevSecOps.” In it I outline how to seamlessly automate and orchestrate security across the entire SDLC; the foundation of DevSecOps, and the application development and deployment processes; and how to remove the cultural differences between DevOps and SecOps teams to make way for collaboration.
