As Security Innovation gets bigger we've realized we need some way to preserve what makes the company special, for our customers and for our employees. I think it all comes down to Values, since that's what describes the 'Why' of what we do. Why is so much more important than What since it is the foundation, the motivation behind everything we do and in the end I think its the best way to capture the magic of who we are as a company. I think many people would start an excercise like this by defining Vision and Mission first, a top down approach. We've found its more powerful to start with values and build upwards from there.
First some definitions:
- Vision: Where do you want to go? What's over the horizon?
- Mission: Who are you? What do you do?
- Values: What do you value? Why are you doing what you do? What's important and if you gave it up would destroy the value of the company?
Here's what we've come up with so far, its not complete, just a work in progress. What do you think?
- A world free of security vulnerabilities
- To be the most trusted application security partner on the planet.
- To enable the success of our customer's application security programs.
- Improve the security of every application we touch
- Provide the world’s best combination of security expertise, trustworthiness, effectiveness, and technology to our customers
- Apply Standards, Education and Education (the Three Pillars of Success) to create a customized solution for each of our customers.
- Drive the success of each customer's application security program through a targetted set of standards, education and/or assessments based upon our understanding of their unique culture, process maturity and application security goals.
- We believe everyone has the right to secure software
- We believe everyone has the right to use a computer without fear
- We focus on the fix
- We believe developer education is a key means to achieving better security
- We believe increased awareness of security risks and mitigations will result in a healthier software ecosystem
- We believe 3rd party assessments of software can be used to keep development teams honest with themselves and their users
- We believe that can add the most value when our customers see us as a trusted advisor to improve security long term
- We believe in measuring and holding ourselves accountable to customer satisfaction in our services and products
- We believe in empowering our employees to learn and develop their skills
- We believe in an environment of trust and open communication amongst all members of the organization