re: I am a Developer Advocate for Security in Mobile Apps and APIs, Ask Me Anything

re: A couple questions: What does the interview process look like for security engineers? What's the hardest part about advocating for security?
 

What does the interview process look like for security engineers?

I am not responsible for hiring, but I know that when they hired me for the Developer Advocate position, they were looking for an individual with a security mindset and with coding skills in the API and Mobile Apps landscape. In my case I had to do a presentation where I would evaluate a demo the company uses and show my knowledge around certificate pinning in mobile apps. They gave me around 2 weeks to prepare for it, and as part of that preparation I wrote some notes here.

When the CTO is back from holidays I can ask him what is more important to him when hiring a security engineer.

What's the hardest part about advocating for security?

It's that people think that it only happens to others, and that we are being paranoid, and this even after you present them with some links to concrete cases of monumental failures of addressing the security basics in a project.

It becomes easier to advocate when your audience has already felt in their skin the experience of their application being hacked, but even in this situation you still have developers and businesses refusing to treat security as a first-class citizen.

Security must be present in a project from day zero, not as an afterthought, because after you have built your prototype, more often than not, it will become the MVP (Minimal Viable Product), thus making it more difficult to add security into it due to decisions made in earlier stages.
