Hybrid working and the new normal are here to stay. After months of remote working, the behaviors we strived to establish in the workplace perhaps disappeared. With our environment changing so fast, it’s pretty challenging for security professionals to build and maintain a positive security culture.

What do we mean by security culture?

Security culture is how an organization manages security towards people, processes, and technology. We, the users, are at the heart of security. The impact we have on the security posture of the company is enormous. However, adopting a security culture may be difficult without the appropriate processes and technologies.

In a positive security culture, we are aware of the potential problems and the risks, and we are accountable for our actions. Changing bad security habits for good ones is easier when we understand risky behaviors. Unfortunately, change doesn’t happen overnight, and we cannot automate it. Instead, we need to focus on continuous improvements in our processes over time.

How do we empower our teams at Delivery Hero?

Creating a security culture goes beyond just rolling out an annual e-learning module training. It works to maintain compliance, which is extremely important and gives our users the basic security knowledge they need to work, but mandatory training as the only approach towards security does not enable the security culture.

Security awareness plays a fundamental role in helping us to develop a positive security culture. Good security habits are easier to build when we give our users personal and impactful security practices that do not just end when they leave the office or turn off their work computers.

How are we growing our Security Awareness Program?

There is no one-size-fits-all Security Awareness program. Each company needs to tailor the plans to their organization and culture. Although we believe that using less traditional approaches to training can help us leverage the Security Culture, we are continually trying to find ways to support our program, and creativity plays a significant role in it. Also, an essential part of the process is to have measurable initiatives to help us to determine whether the approach was helpful or not. 

With fewer in-person meetings, planning gets a little tricky, but simple initiatives are our best card to play:

• Phishing awareness campaigns: providing our users with the tools to understand what phishing looks like and how to report malicious emails.
• Digital content: delivering impactful messages using videos, infographics, posts, and making the most of our communication tools.
• Security training sessions for our engineers: aimed to disseminate application security content.
• As part of the activities for Cybersecurity Awareness Month, we hosted a new edition of a Virtual scavenger hunt, open to everyone in the company.

Recently, we launched a Secure Code Tournament with some of our engineers. We aim to identify ‘Security Champions’ amongst our developers, give them an overview of their secure coding strengths and most importantly, make learning about secure coding a fun, engaging, and interactive experience.

What is in the future for our Security Culture?

We will work on more approaches like the Security Champions Program to get help from other teams to engage in our security initiatives. Gamification will play a significant role in our program as well. Hopefully, it will help us leverage security and increase engagement in our Security Culture. As we keep growing, our team keeps focusing on improving our Security Culture and increasing the security ownership throughout the company, which will help us to ensure that the security of our customers and heroes is at the heart of everything we do.

If you like what you’ve read and you’re someone who wants to work on open, interesting projects in a caring environment, we’re on the lookout for CyberArk Engineers, Senior Security Engineers | Digital Forensics, Senior Security Engineers | Fintech. Check out our full list of open roles here – from Backend to Frontend and everything in between. We’d love to have you on board for an amazing journey ahead. 

Cost optimization and resource optimization are two subjects that go hand in hand. That’s why this article focuses on how we utilize resources in a better way to achieve a significant cost reduction.

In this article, we hope to display how we run a part of our AWS computing fleet on Spot Instances at Delivery Hero. Delivery Hero aims to have a substantial area of the business running on Spot instances by the end of Q2.

Get to know Moataz Nabil, Senior SDET here at Delivery Hero SE. In this interview, Moataz shares his passion for automation testing and what aspects he likes most about it.

In today’s post, Miguel Angel Mingorance Fernandez, one of our Systems Engineer here at Delivery Hero, shares how the online food ordering and delivery business scales for rapid growth with New Relic.

The Process of defining/designing a Microservice’s architecture is always painful and flaky. I used to hear the phrase “make it small”, or “make it simple” and all of those kinds of common Microservices stereotypes. The real question is, how do we measure how small is small? Or how simple to make it?