First, a product manager must understand if the company takes security seriously. For example, if the company does not have a security team or a very good partner, that would be a concern.
Assuming there’s a security team or a security partner, I suggest working very closely with that team to engage with that team to understand what they are doing with the challenges. This is a very complex topic; the product manager needs help understanding this topic.
The second piece of advice is to work as a product manager and measure any risks and opportunities regarding security. And that comes from what I said before you need to work closely with the engineering team, and you need to understand how security can impact the business, and you need to translate that into numbers.
And fortunately, today, there are very good tools for that to be captured as we can. For example, we can capture how often security topics come from sales meetings because those meetings, at least some of the authorized ones, are recorded. We can capture the intent of the meeting. And it’s at a very large scale to capture all our security. It’s important for our customers. We work closely with sales, understand how security is a differentiator to customers, and prioritize based on those decisions.
Don’t forget existing customers because security keeps evolving, and their concerns keep changing. You need to stay very close to your customer and to the security team on their side to understand what new challenges their business is facing. And, of course, that will be very different from vertical for healthcare, fintech, and government agency. All that will have different concerns, all different sizes. As a product manager, you need to make security part of the conversations of the user research and customer research you are doing.
So those are some of my advice to young people. Talking a little bit about me – there are always things we can do better. In the past, in the early days, we were not paying enough attention, even myself. But it was a very different context. It’s hard to compare regarding security.
What I feel is the biggest challenge is understanding how important that topic is for the organization because it’s very difficult if you are working in an organization that doesn’t pay attention to that despite all the arguments and all the numbers and the risks, it becomes very challenging.
If I look back, I would have put more attention into working at a higher level so that something could be prioritized across the company. Because if we start at a higher level making that a priority, then everything becomes easier.
In summary – Build a strong partnership and have an innovation mindset which is the product managers’ view, and then automatically basis so that security automatically gets viewed into it as part of your overall framework of prioritization justifications, ROI, and everything.