30+ years of tech, retired from an identity intelligence company, now part-time with an insurance broker.
Dev community mod - mostly light gardening & weeding out spam :)
Thank you for bringing in an end-to-end delivery chain viewpoint! When I'm doing infosec awareness talks around the company, I emphasize the fact that a lot of security fails are because of gaps in that chain, disconnects in understanding each other.
This leads me to a thought - perhaps those of us who 'like a bit of everything' are actually well suited to infosec, able to see the gaps and help people close them? Does that appeal @queenoflilikoi?
Web developer at Greggs, UK with a proficiency in VueJS, Tailwind, and Storyblok, as well as other frameworks. I'm also passionate about web design, and mobile app development.
It may very well do, Phil. I'd have to look into what you mean by infosec: is it a shortened name for something? :)
Gah - sorry fell into the acronym trap: Information Security!
I heard a similar viewpoint from what I see is a growing "trend" in security.
The change from typical "pen test" and "checklist", to "threat modeling", which takes a more incremental approach together with the development team.
Improving a few items at a time as part of the sprint. Across the whole chain (even the segments manually done by humans), onto what makes sense. Instead of overwhelming the team with a 1000 pointer checklist.
In such a setup, the security team is part of the process of the entire chain, and advises accordingly.
As such, recent recruitment by some of these infosec companies is more of generalists than of traditional "infosec graduates". Much to the horror of some of the recent infosec graduates, who are surprised to now realize they are expected to learn programming.
Haha! I'll look into it :D