top | item 18488975

(no title)

40 is a great time. In fact, I went down a similar path.

Now that you've done your share of sysadmins, SRE and software developer, you can see how things can fail. That's the heart of security. As tptacek advises, choose an area of security to focus on and go down that path for awhile. You'll find you will want to go further or jump to another path, but security is a great thing. The world is going to need more security-aware people and you can be at the forefront of it.

My current security focus is holistic defence of data flowing from customer to company. The whole SDLC lifecycle. It's fun but super challenging because it focuses on changing human mindsets and behaviour, but my Dev and ops skills are essential to my technical success.

And certs are useless on their own. Don't do certs unless you can specifically get something out of it. Your work experience is much more valuable than a cert at this point.

discuss

jrumbut|7 years ago

If you don't mind, I would love to know how "changing human mindsets and behaviour" and "Dev and ops skills ... technical success" go together for you!

Is your goal creating a development process that leads to a secure system, or securing a system made by an existing process? How much code do you write? Maybe some tasks you've enjoyed or a typical day would be great.

I say this because, while I've never had or wanted a title that included security, as a dev I often find myself looking at "holistic defense of data flowing" and attempting to improve the situation. A role based on that concept is interesting.