Lowell S. answered 05/07/25
Healthcare Leader & Mentor/Leadership/Communication Coach
Trusting a developer with security, especially when it’s not your area of expertise, is a little like trusting a pilot to land the plane when you’ve never flown before. You have to rely on signals of competence, not just gut instinct.
Here’s what I tell folks: Don’t try to become an expert in security overnight. Instead, ask the kind of questions that reveal how they think. For example:
“How do you stay current with cybersecurity best practices?”
“Can you walk me through how you’d protect sensitive user data in this project?”
“If a breach happens, what’s your step-by-step response?”
If they speak in buzzwords or vague reassurances, that’s a red flag. But if they break it down clearly, using language you can understand, they probably know what they’re doing and respect your need to stay informed.
Also, look for signs they follow secure habits before you even ask: do they use version control like Git, recommend encryption standards, or suggest things like two-factor authentication without being prompted? Those habits speak volumes.
Lastly, check their past work. Have they built things that handled sensitive data? Do they have references or examples where security was a focus? It’s not about being paranoid; it’s about being proactive.
You don’t have to become a coder. You just have to learn how to listen for mindset, not just skillset.