Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
CircleCityCon 2015

Leveraging the security mindset of others

November 21, 2016

I am over six months into my new role as a senior software security engineer. My role has me embedded with the development team. I go to meetings and interact with the team on a day-to-day basis. My desk is in their area. I go to lunch and conferences with them. As I’ve gotten more familiar with the environment and team, my task list has started to grow.

One of my co-workers noticed this and while leaving a meeting the other day asked if security had plans to hire another security person. I responded that I thought they might in the future, but that I wasn’t counting on it. It took two years to fill my role. With the current “talent shortage” it may take another two years to fill a similar role.

My strategy for getting security into the software development life cycle is to leverage the skills and knowledge of the developers. They are really smart people, so I put a focus on improving the security mindset of the developers. In meetings, I let them talk through security issues and find their own solution. Just by me being there, the developers know that security needs to be taken seriously. For the most part they choose the right path.

I also recognize when security issues are identified and addressed by the development team without my involvement. The development team is already doing a lot of good things from a security perspective. By recognizing that in a meeting or one-on-one I am amplifying and encouraging that type of behavior. Using that strategy, I’ve started to see improvements in the development team in regards to security. The other person I was discussing this with agreed. They were seeing more focus being made on security.

Do we need more people in security? I don't know. What I do know is that the security industry is having a tough time finding the right people. Maybe we need a different strategy. I think that strategy should include leveraging the security mindset of others. I've had some encouraging results so far. It will be interesting to evaluate the strategy a year from now.

This post first appeared on Exploring Information Security.

In Experiences Tags Talent Shortage, infosec, security, appsec