Security is not optional in this age. If you want to give your customers insight into their dealings with your business, it is paramount that they see only the information they are allowed to see and nothing else, certainly not anyone else's.

Even when you don't expose sensitive information to your customers, your site must still be secure from SQL injection, cross-site scripting (XSS) or forgery. Most of this is easily handled by today's web frameworks, but it is still important to be aware of these threats in order to counter them effectively.

During my time at PGGM, my team and I were responsible for researching and implementing new security measures required by the evolving environment without harming customer experience. This gained me a deep knowledge of ADFS, OAuth, SAML2, Single-Sign-On, DigiD, Forms Authentication and SharePoint security, along with the workings of certificates and encryption that go with all of it.