Technology

TODO: INDEX

On Experience and Roles in Software and Cybersecurity

I strongly believe that the best cybersecurity professionals are those for whom cybersecurity is a second career. Think of network technicians, IT analysts, software developers, or maybe hardware developers or other technologists that have lived experience creating, implementing, operating, and supporting systems in the real world And then transitioned into a cyber security role.

Are dedicated roles, such as dedicated cybersecurity analysts, the way to go? Think of the software development world as an analogy. Years ago, we had strong differentiation with front end developers, backend developers, database administrators, architects, and quality assurance specialists, among others. Over time that has morphed into DevOps, SRE, and full stack developer type roles where each individual is expected to operate across the entire stack, including design, architecture, front-end, UI, UX, services, back-end, testing, QA, SRE, DevOps, infrastructure, and security.

Is this the best way to do things? There's no silver bullet, but having cybersecurity expertise and knowledge embedded in the team can absolutely be a benefit.