Meera Rao | October 2018
I was a software developer and continuous integration practitioner for more than 20 years before I unintentionally found myself in the cybersecurity field.
This was during the great recession of 2008. I remember even today the date: October 3. That was the day I found out the company where I was working was closing. I had no idea what my next move would be — or should be.
I soon found myself interviewing at a security firm, which would later be acquired by Synopsys. The interviewer asked tons of questions about security. I kept repeating over and over, “I have no security background.” Despite this, I must have said something that enticed them because they gave me an offer the following day.
Since I had no clue about anything related to security, my project reviews were initially bad. However, I vowed to be the best. I burned the midnight oil to learn — from scratch — everything about information security. Learning to speak intelligently about the field, and sharing my knowledge at conferences, helped me a great deal to build my security career.
Having a solid understanding of software development, end-to-end knowledge of the software development lifecycle and a deep understanding of software architectures was instrumental to my success in the field. Yes, these are the three key areas in which you should gain knowledge and experience to excel within the software industry, but they are even more important to an application security career.
Wondering how you can become part of a fast-paced industry that has a severe talent deficit, all while making a positive impact on the world and growing your career? Let’s examine some of the newest, trendiest areas of specialization in cybersecurity:
1. Cloud Security Practitioner
Cloud is the talk of the town. Every organization, big or small, wants to move to the cloud, thanks to its flexibility, cost, ability to recover data, security methods, and ease of use.
To work as a cloud security practitioner, you’ll need to illustrate that you have experience building, communicating, and managing cloud environments. You should be able to demonstrate how you have supported and/or managed migration to the cloud, delivered a cloud-native project, or delivered cloud automation.
Do you have a working knowledge of Amazon Web Services, Microsoft Azure, and Google Cloud Platform? How about knowledge of Red Hat OpenStack? This expertise is highly valuable.
If you don’t have these skills right now, does that mean you can’t work as a cloud practitioner? Not at all. Take baby steps to learn your way around one cloud provider. Get to know the terms and become proficient. Then, move on to other cloud providers. It’s about the journey and building your skills over time.
2. DevSecOps Engineer
DevOps, DevSecOps, SecDevOps — whatever you call it, this methodology is on the rise globally. If you are interested in being part of a great DevSecOps team as a DevSecOps engineer, you should gain experience in containerization technology, preferably Docker and Kubernetes.
It is important to have written enterprise Java applications using the JEE technology stack. You should also have deep knowledge of build automation (using tools like Jenkins and Bamboo) and release automation (using tools such as Jenkins and Puppet), plus experience using scripting languages (e.g., Ruby and Python).
If you don’t yet hold these skills, you can learn them as long as you have access to a computer. There are free online resources to help you learn these languages. It may take a while, but it’s time well spent.
3. Security Champion
Security champions provide the first level of defence when it comes to offering application security guidance to development teams. Security champions serve primarily as developers, but also play a larger role in ensuring their applications are secure.
Champions might spend all their time performing security reviews, providing remediation assistance, and training developers across a portfolio of applications. If you are part of a development team, have good communication skills, and are curious to know more about security, you’re an ideal candidate to become a security champion.
4. Security Consultant
Do you like travelling? Does the idea of parachuting in to stomp out bugs and flaws wherever they hide sound exciting? If so, you would enjoy life as a security consultant. In this role, you can perform source code analysis, software penetration testing, and secure software design and architecture, all while becoming an indispensable advisor to customers.
This role also requires an understanding of application architectures, frameworks, and application threat landscapes. There is a growing need across all areas of cybersecurity, and this is an excellent starting point to build your security skills.
—
The key to being successful when it comes to a career in cybersecurity is the drive to constantly learn about new attack vectors, strategies, and threats. Above all, you’ll want to focus your drive on helping customers exterminate bugs and untangle the flaws that make their systems insecure.
Meera Rao is the senior principal consultant at Synopsys.