Career change

It’s been quite a while since I’ve written, so I should start somewhere.

In July 2019 I transitioned to Security Engineering from Software Development. I’ve been an Application Security Engineer since then. It’s been, and still is, a fun ride.

Why did I switch from development? Honestly, there’s a mix of reasons: I wanted to try something different, I had grown dissatisfied with the position I was holding, and there was this opportunity to remain at my current employer under a new manager whom I respected more.

What is Application Security Engineering? Although I’ve been in this new field for 5+ years now, I still feel like a total n00b. Therefore I’ll try to explain as best as I can…

Application Security is the sub-field of Information Security which aims to measure and improve the security posture (level) of software applications. There are several components:

  • Secure Design: thinking about how to properly build the piece of software from a security standpoint
  • Threat Modeling: analyzing the actors, interactions and trust boundaries in order to identify and mitigate risks
  • Secure Coding: using tools and practices to prevent and identify common security vulnerabilities in code
  • Vulnerability Management: monitoring and patching the 3rd party software included in the application
  • Incident Response: preparing plans to properly handle security incidents (sometimes, but not always “hacks”)
  • Compliance: ensuring that the application meets industry security standards, legal requirements, and best practices

There are many new tools and techniques that complement the ones used in software development. Some are FOSS (Free and Open Source Software), some are not; some are reliable and mature, some not really. Sometimes you build your own security tools for monetary reasons (yes, building is still cheaper than buying in some areas).

I used to think Security Engineering was just a small, well-defined area right next to Software Development. Boy, was I wrong…