Everybody wants more applications, but somebody has to be responsible for assessing the cyberthreat to their growing application portfolio and ensuring an appropriate risk-management structure.

That was the topic that practitioners, consultants, and influencers eagerly turned to when #IDGTECHtalk focused on how to evaluate and improve your organization’s security posture in a Twitter chat Feb. 25, moderated by @nyike (Isaac Sacolick) and sponsored by @GlobalNTT.

Do organizations have programs in place to manage risk across their applications portfolios? Definitely, according to Techtalkers. Are these programs operating at optimal performance? Maybe.

Businesses are rapidly revising existing programs to manage risk across application portfolio. 2 main reasons. #multicloud apps and #wfh access behavior. Both need unified visibility with changing #security risk profiles & many more app attack vectors
Adam Stein @apstein2

Still, nobody can afford to be complacent:

The challenge is though that there are so many applications, of which they all need to be secured. Attackers have the advantage that they need but one insecure application to gain entry.
Ben Rothke @benrothke

Automation may not be the total answer, but as part of a solution it is essential.

Tracking all [vulnerabilities] and trying to keep up is no longer a human-scale process. Too much to track, too much to fix. Automating can call out the most risk-worthy things that need fixing ASAP.
Nick Gonzalez @nickg1421

Automation can really move the needle, not just by uncovering vulnerabilities but also by getting the right findings into the hands of the right developers as fast as possible.
WhiteHat Security @whitehatsec

Is there confidence that security and dev teams are fully trained on appsec, and are sufficient resources committed?

First “hahahaha.” Second, most hiring needs never address this because you’d never be able to hire anybody. I’ve called for “secure coding” riders in our contracts, but realize that socializing secure coding skills is often on the org & not the individuals.
Amélie E. Koran @webjedi

Sufficient whaaaaaaaat? 😇 Training is anybody's guess, but comments like "that piece of code hasn't been touched since the '90s, and probably nobody still with the company really knows it" implies a strong no...
Chris @CPetersen_CS

Security, though, can’t be ensured by any one team or person; it’s got to encompass the entire organization.

#cybersecurity is most effective when everyone understands that they are part of a larger whole, which requires organizational change management and training to drive adoption.
Kayne McGladrey @kaynemcgladrey

*Make it a culture!
Perhaps, include it in the recruitment policy.
Train employees on safe practices. Since it only takes a slight slip to get exposed.
Benjamin A. Martins @Benni_aji

Finally, some advice on what to do if a breach is suspected.

Stay calm. Access the damage and BE TRANSPARENT. If you are honest and transparent with your customers and with the rest of us, you'll at least save some face. If you lie, and try and cover it up, you're going to look like a real jerk (PG-13)
Nick Gonzalez @nickg1421

Or, the moderator noted, you could just:

Break glass for (Brand | BC | DR | Infosec | .... ) plan
Isaac Sacolick @nyike

There’s much more advice and insights to peruse @idgtechtalk. In the meantime, check out how NTT can help ease the security burden.