Strength in Numbers: Axis Collaborative Approach to Cybersecurity
September 26, 2024
Cybersecurity is a vital part of our products and an area we are constantly developing. But did you know that Software Engineers are crucial to this challenging and exciting effort? We spoke to three people at the center of Axis cybersecurity to learn more about our unique system of coaches and satellites who help keep our products and customers secure.
An empowered team
As cyber threats grow more sophisticated, so does our approach to countering them. “Security is integral to everything we do, from technology development to our daily operations,” says Jonas Falk, Axis Director of Cybersecurity. Leading the cybersecurity effort is the Axis Software Security Group (SSG), a central team of five security engineers working in the R&D organization. They have developed the Axis Security Development Model (ASDM), a framework that defines the process and tools we use to build software with security built-in throughout the lifecycle, from inception to decommission.
But can five people handle the cybersecurity of a large organization like Axis alone? Definitely not, which is why the team has implemented a unique network of “satellites”—around 75 individuals who act as the SSG’s feelers across the company. Instead of tackling the security work themselves from a centralized position, the SSG team coaches and empowers the satellite Software Engineers to take the lead and understand how to do the work themselves and, in turn, coach their teams. By becoming a satellite, you not only enhance your skills and knowledge but also play a vital role in developing innovative cybersecurity solutions.
How the satellite system works
To dig a bit deeper into how this setup works, we spoke to three members of the SSG team: Eva Haslum has been at Axis for over 12 years, first as a Software Developer and satellite and then in her current role on the team as a Software Security Engineer, where she’s been for the last six months. Lisa Eneroth was also an Axis Software Developer and satellite for three years before joining the SSG team two years ago. And Tara Hassani, Software Security Engineer, who joined Axis and the SSG team two years ago – right after her master’s in computer sciences.
Lisa explains how you can become a satellite, “It all starts with identifying the need for a satellite in the R&D department. Then the R&D manager puts forward one of the Software Engineers they think would be a good fit for the role.” Eva adds, “But of course, if you’re interested in security, you can also put yourself forward. You don’t need to be a security expert; we’ll coach you in that and give you support; you just need to be curious and enjoy working together and teaching others.” While any software engineer can become a satellite, there has been a noticeable and encouraging increase in the number of women joining the network. Eva speculates why, “We are nearly all women in the SSG team, which perhaps inspires other women to join.”
“We are nearly all women in the SSG team, which perhaps inspires other women to join.”
Once in the satellite role, you typically divide your time, spending around 80% on usual tasks and 20% on cybersecurity responsibilities. The SSG runs initial workshops and coaching sessions with the satellite and their team. As their competence grows, the SSG team begins to step back, allowing the satellite to lead the work, while they continue to get support. The network of satellites acts as a support system and a way to facilitate knowledge sharing and best practice. While the satellites help make our products more secure, Lisa stresses an important point, “Satellites are not responsible for the security of the final products—the line manager in the R&D organization always has the ultimate and final responsibility if something should happen”
Why work with cybersecurity?
Eva tells us what she enjoyed about being a satellite and her current role, “It’s a fantastic way to get to know the entire organization, and you get to work with people across departments and markets. Then, as a part of the SSG, you get a really in-depth understanding of the Axis portfolio—probably more than most people in the organization.” Lisa explains that while she was a satellite, she always looked forward to the security tasks, so much so that she eventually decided to switch to full-time security work, “It’s a very rewarding job. You can go from being a teacher one moment to a problem solver the next, and you get to see the products evolving.”
The benefits of taking a decentralized, collaborative approach to cybersecurity are numerous, “It results in a much higher quality of security work because it’s being developed and implemented by people who truly know the products and the associated risks,” says Lisa. Lisa, Tara and Eva also agree that this way of working fits the Axis company culture, where we are committed to solving problems together and empowering each other.
Looking for a new career in an innovative workplace?