As an “actual” software engineer, what do you recommend I read to work in cybersecurity? Assume I have a solid background in OS internals, algos, networking, software engineering. I have never worked in cybersecurity though (I have never reverse engineered anything).
reply
What do you specialize in as a SWE? Can you identify architectural or implementation bugs and think about how an attacker can exploit that to laterally move across your environment?

Cybersecurity is basically a holistic architectural review of software that takes business, engineering, and operational context into account to make a qualified judgment about risk.

reply
i'm one of these developers who found myself doing a lot of security-oriented devops work. how do i get away from compliance? i hate checking boxes, feels like it creates some pointless work sometimes. compliance alone makes me never want to do cybersecurity but i enjoy the architecture stuff and thinking about threats
reply
> i hate checking boxes

> hate checking boxes, feels like it creates some pointless work sometimes

Everyone does. It doesn't actually help reduce tangible risk, but it helps you understand the operational and liability aspect of cybersecurity which is critical as well.

> compliance alone makes me never want to do cybersecurity

Compliance =/= Cybersecurity. If you work in an organization where security actually means compliance, then leave.

---

Honestly, it's region and industry dependent. If you are east coast, transition into a JPMC or GS tier bank (yes, banks are bleeding edge security personas).

If you are west coast, it shouldn't be difficult for a SRE/DevOps/Cloud type to become a SWE or Solutions Engineer at a cybersecurity company.

If you are in Europe, get an H1B and leave. I literally helped sponsor 2 O-1s today from European cybersecurity founders who wanted to leave because of subpar terms and bureaucracy.

reply
Definitely agree. I guess I should have specified I meant "real programmer who wants a career". ;-)
reply