• Explore
  • Blog
  • Podcast
  • Community
  • About
  • Services
  • Contact
Menu

Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
  • Explore
  • Blog
  • Podcast
  • Community
  • About
  • Services
  • Contact
CircleCityCon 2015

CircleCityCon 2015

Leveraging the security mindset of others

November 21, 2016

I am over six months into my new role as a senior software security engineer. My role has me embedded with the development team. I go to meetings and interact with the team on a day-to-day basis. My desk is in there area. I go to lunch and conferences with them. As I’ve gotten more familiar with the environment and team, my task list has started to grow.

One of my co-workers noticed this and while leaving a meeting the other day asked if security had plans to hire another security person. I responded that I thought they might in the future, but that I wasn’t counting on it. It took two years to fill my role. With the current “talent shortage” it may take another two years to fill a similar role.

My strategy for getting security into the software development life cycle is to leverage the skills and knowledge of the developers. They are really smart people, so I put a focus on improving the security mindset of the developers. In meetings, I let them to talk through security issues and find their own solution. Just me being there the developers know that security needs to be taken seriously. For the most part they choose the right path.

I also recognize when security issues are identified and addressed by the development team without my involvement. The development team is already doing a lot of good things from a security perspective. By recognizing that in a meeting or one-on-one I am amplifying and encouraging that type of behavior. Using that strategy, I’ve started to see improvements in the development team in regards to security. The other person I was discussing this with agreed. They were seeing more focus being made on security.

Do we need more people in security? I don't know. What I do know is that the security industry is having a tough time finding the right people. Maybe we need a different strategy. I think that strategy should include leveraging the security mindset of others. I've had some encouraging results so far. It will be interesting evaluate the strategy a year from now.

This post first appeared on Exploring Information Security.

In Experiences Tags Talent Shortage, infosec, security, appsec
← How to find your niche in information securityRethinking the security team →

Latest PoDCASTS

Featured
Mar 10, 2026
[RERELEASE] What is a Chief Information Security Officer (CISO)
Mar 10, 2026
Mar 10, 2026
Mar 3, 2026
Exploring The Bad Advice Cybersecurity Professionals Provide to the Public
Mar 3, 2026
Mar 3, 2026
Feb 24, 2026
Inside Cambodia's Scam Compounds: Pig Butchering, Organized Crime, and Protecting Your Life Savings
Feb 24, 2026
Feb 24, 2026
Feb 17, 2026
What are the AI Vulnerabilities We Need to Worry About
Feb 17, 2026
Feb 17, 2026
Feb 10, 2026
[RERELEASE] How to make time for a home lab
Feb 10, 2026
Feb 10, 2026
Feb 3, 2026
[RERELEASE] How to build a home lab
Feb 3, 2026
Feb 3, 2026
Jan 27, 2026
How to Build an AI Governance Program with Walter Haydock
Jan 27, 2026
Jan 27, 2026
Jan 20, 2026
Exploring Cribl: Sifting Gold from Data Noise for Cost and Security
Jan 20, 2026
Jan 20, 2026
Jan 13, 2026
What is BSides ICS?
Jan 13, 2026
Jan 13, 2026
Jan 6, 2026
Cybersecurity Career Panel: Transitioning from Technical to Leadership
Jan 6, 2026
Jan 6, 2026

Powered by Squarespace