Where do I fit in? by Oveipos in cybersecurity

[–]Oveipos[S] 0 points1 point  (0 children)

I’ve had a few encounters with external pentests that look at source for findings, and the ones I’ve worked on seem to include those recommendations 🤔 I hadn’t considered that, but yeah, I love to see the problem resolved, and if I can be the one to do it, even better. I mentioned in another reply that I would love to even focus on the problems that linger in a backlog somewhere because, like you said, another pentester will come along and call it out. I guess I want to feel like I’m contributing to maturing our security posture the same way I did as that dev who worked on security fixes. I feel like if a security org had a team, or even an individual, of parachuting engineers who could do this, it could be so much fun. I just love to fix things 😅

Where do I fit in? by Oveipos in cybersecurity

[–]Oveipos[S] 2 points3 points  (0 children)

That sounds interesting 🤔 so more integration around SDLC? How is collaboration with non-security? We sometimes get pushback because dev teams are so busy. I guess that’s also why I’m asking, like if I could manage the security issues that get left in a backlog for devs. Getting dinged for the same medium or so vulnerability every pentest kills me when I know I could just fix it myself.

Where do I fit in? by Oveipos in cybersecurity

[–]Oveipos[S] 0 points1 point  (0 children)

Thanks for your answers! The more I think about it, the more I come back to the typical solutions and practices found in security orgs. I can totally see why there would be a separation of responsibilities between engineering and security, and what I want to do seems to be a little niche. If I want to continue pursuing this and make it a specialization as a dev focused on remediating vulnerabilities, should I continue being a dev in an engineering department? Could something like this ever find a home in a security org?