• Explore
  • Blog
  • Podcast
  • Community
  • About
  • Services
  • Contact
Menu

Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
  • Explore
  • Blog
  • Podcast
  • Community
  • About
  • Services
  • Contact
CircleCityCon 2015

CircleCityCon 2015

Leveraging the security mindset of others

November 21, 2016

I am over six months into my new role as a senior software security engineer. My role has me embedded with the development team. I go to meetings and interact with the team on a day-to-day basis. My desk is in there area. I go to lunch and conferences with them. As I’ve gotten more familiar with the environment and team, my task list has started to grow.

One of my co-workers noticed this and while leaving a meeting the other day asked if security had plans to hire another security person. I responded that I thought they might in the future, but that I wasn’t counting on it. It took two years to fill my role. With the current “talent shortage” it may take another two years to fill a similar role.

My strategy for getting security into the software development life cycle is to leverage the skills and knowledge of the developers. They are really smart people, so I put a focus on improving the security mindset of the developers. In meetings, I let them to talk through security issues and find their own solution. Just me being there the developers know that security needs to be taken seriously. For the most part they choose the right path.

I also recognize when security issues are identified and addressed by the development team without my involvement. The development team is already doing a lot of good things from a security perspective. By recognizing that in a meeting or one-on-one I am amplifying and encouraging that type of behavior. Using that strategy, I’ve started to see improvements in the development team in regards to security. The other person I was discussing this with agreed. They were seeing more focus being made on security.

Do we need more people in security? I don't know. What I do know is that the security industry is having a tough time finding the right people. Maybe we need a different strategy. I think that strategy should include leveraging the security mindset of others. I've had some encouraging results so far. It will be interesting evaluate the strategy a year from now.

This post first appeared on Exploring Information Security.

In Experiences Tags Talent Shortage, infosec, security, appsec
← How to find your niche in information securityRethinking the security team →

Latest PoDCASTS

Featured
Apr 28, 2026
[RERELEASE] What is the perception of information security - part 1
Apr 28, 2026
Apr 28, 2026
Apr 21, 2026
Exploring the Quantum Horizon: Why We Need CBOMs Today
Apr 21, 2026
Apr 21, 2026
Apr 14, 2026
Exploring the Risks of Model Context Protocol (MCP) with Casey Bleeker
Apr 14, 2026
Apr 14, 2026
Apr 7, 2026
From Combat Zones to Corporate Lobbies: A Guide to Physical Security with Josh Winter
Apr 7, 2026
Apr 7, 2026
Mar 31, 2026
[RERELEASE] What is a SIEM?
Mar 31, 2026
Mar 31, 2026
Mar 24, 2026
[RERELEASE] What is threat modeling?
Mar 24, 2026
Mar 24, 2026
Mar 17, 2026
[RERELEASE] What is cryptography?
Mar 17, 2026
Mar 17, 2026
Mar 10, 2026
[RERELEASE] What is a Chief Information Security Officer (CISO)
Mar 10, 2026
Mar 10, 2026
Mar 3, 2026
Exploring The Bad Advice Cybersecurity Professionals Provide to the Public
Mar 3, 2026
Mar 3, 2026
Feb 24, 2026
Inside Cambodia's Scam Compounds: Pig Butchering, Organized Crime, and Protecting Your Life Savings
Feb 24, 2026
Feb 24, 2026

Powered by Squarespace