This is an article from my "Dev Chats" series where I speak to an awesome developer or techie every week or so. You can read more here. Let me know in the comments if you find these useful to you!
Laura Bell. Security Nerd.
I’m Laura Bell, you might have met me on the internet or at conferences or as part of my work at SafeStack. I’m a 33-year-old security nerd from Auckland, New Zealand with two missions in life:
Make sure everyone has the right to be safe on the internet
Help people build amazing (secure) things, really, really fast
I founded SafeStack in 2014 as a way to change the way we do security in fast paced environments and to bring some innovation to the way we do security.
I’d just graduated university and took a job doing Java development for the UK government. It was not as much fun as the brochure promised and soon I had many feelings and opinions about the quality of the code I was writing.
Eventually these feelings and opinions reached the ears of the security team who gave me an option other than get fired. I moved to work with them and switched from development to penetration testing and red teaming (hacking for good not evil).
There are two ways to see this.
Most developers aim to build high quality code that minimises defects first time around. By doing so they can move onto more exciting challenges and provide an excellent product. Security is a quality measure in the same way that scalability and performance are. We need these things as much as we do functionality.
Secondly, thinking about security as a developer can mean embracing simplified designs or removing ambiguity, confusion and complexity. These are the places that security vulnerabilities like to hang out. When we start working in this way our code is better quality, easier to maintain and more secure. This all means we can go even faster.
I don’t agree.
Security jobs in their current format will cease to exist soon enough. The future won’t need isolated specialists for most roles, it will need proactive hybrids.
I think the reality is all of our roles are evolving. The best of us will just adapt and evolve along with them.
How has conference speaking (we’ve all seen you around!) impacted your business and career? What’s the strategy there?
Honestly, I started speaking internationally as a bet to myself. I wanted to find a way to get better at speaking and so in a sudden burst of enthusiasm, I applied to some massive USA conferences in the dead of the night. I then promptly forgot all about it.
Four months later, my inbox filled with acceptances and I had to step up and give it a shot.
SafeStack is a tiny bootstrapped company without a marketing team or budget. Conference speaking has given us a chance to show our approach globally despite the lack of resources.
It’s been great for the business obviously but on a personal level it led to the book (Agile Application Security by O’Reilly) and a network of peers around the world that I can learn from and share with.
That it’s ok to have a different approach to those around you and that it’s ok to fail. Security is a field that likes to play it safe. We have stuck with the same ways of doing things for years without challenge. Trying new things is scary but it means we can learn and grow. Embrace failure as part of this process.
Wiggly fingers for life.
Embrace serendipitous discovery. Don’t plan your career, the world is changing too quickly. Embrace the challenges around you, take risks and see where you end up.
I have a 4 year old daughter so I spend a lot of time learning about animals and dinosaurs right now. I’m also an amateur photographer, surfer and do Yoga.
Does it help my career?
Directly? Probably not. However, security is a very stressful space (as is being a company founder). Making room for hobbies outside of technology gives you the headspace and relaxation to tackle hard challenges in your day job. If you don’t have an outlet, you get a little broken.
Of course you should all be checking out the latest OWASP Top 10 that was released in November 2017 https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project but here are a few books and things that you might also find interesting.
(Oh and I guess my book but that feels gross to talk about)
At this time of year, go look at something other than your work. Go out and get a break. Reconnect with the world and your loved ones.
If that’s not your jam, however, you might want to give some love to your favourite open source projects. Every OS project needs extra hands and we need to all get stuck in to make them safer to use and more sustainable.