"Oftentimes companies wait until they grow to a certain size or have a full technology stack before they begin thinking seriously about security. The problem with this is that, statistically, it's a matter of when you will have a security problem, not if.
So our observation is: If you wait until your company reaches some arbitrary milestone before implementing mature security practices, you may already be late to the game. (If you'll pardon the obvious, it's not a great practice to put your life jacket on after your boat gets in trouble; it's much better to put it on at the very start - i.e., as soon as you board the boat.)..."
Read More ...