Making Security Second Nature: Maryam Shoraka’s Vision for Developers
Corinium’s Maddie Abe spoke with Maryam Shoraka, Head of Cyber Security Operations at the NSW Department of Communities and Justice, about strategic secure coding.
Secure coding isn’t just a developer’s responsibility—it’s a core component of a robust security strategy. With constant pressure to deliver applications quickly, the challenge lies in embedding practical, actionable security practices that don’t disrupt workflows. So, how do we align strategic secure coding with the realities of developers and leadership?
In this interview, we delved into approaches for integrating secure coding into fast-paced environments, addressing critical vulnerabilities, and creating a culture that values secure code as a foundation for resilient software.
Key Points Discussed:
Security by Design
Maryam emphasised the importance of incorporating security from the earliest stages of development. She highlighted that developers should adopt a "security by design" mindset, ensuring cyber security is considered throughout the software lifecycle. This approach reduces risks often missed due to tight deadlines.
Yes, we've heard this many times, but we can't deny that the primary goal of making cyber security integral to decision-making, which sits at the heart of security-by-design, remains elusive in some organisations.
Balancing Security and Speed
Maryam compared secure coding to developing habits while driving—regular training and education can make secure coding second nature for developers. She advocated for integrating secure practices into routine workflows to maintain development speed without compromising security.
This would be the ideal level of cyber security maturity. Security-conscious developers are invaluable, and assistance in the form of training, the provision of appropriate tools, and the opportunity to be mentored by more experienced developers will foster an environment in which code is crafted with a security-first mindset, with the precision and attention to detail required to take software to the next level.
Role of Automation
Automation tools, such as static and dynamic application security testing (SAST and DAST), were recommended to streamline secure coding practices. Maryam noted the potential of AI to enhance these tools, particularly in CI/CD pipelines, to identify and address vulnerabilities efficiently.
Fostering a Security-First Culture
Maryam acknowledged the challenges of instilling a security-first mindset in developers, especially when secure practices may seem slower. She stressed the importance of education, training, and fostering a culture that prioritises secure coding as a shared responsibility.
This mindset shift is critical for scaling security across teams, especially in fast-paced environments. It's a balanced and strategic approach that helps build both secure code and a resilient culture.
Ultimately, building a security-first culture comes down to human factors—education, training, and shared responsibility are key to driving secure coding habits.
Don’t miss the opportunity to hear more from Maryam Shoraka at AppSec & DevSecOps Sydney 2025 and Cloud Security Sydney 2025 on 12 February, Royal Randwick Racecourse.
If you would like to share your experience and insights at the event, feel free to reach out to Maddie Abe (Content Director).