Looking for any advice for switching from software engineering to security roles. AppSec is the target now. How does one with 0 security experience build up to an AppSec role with a strong software engineering background? #cybersecurity #security
Every company approaches AppSec differently. At one company it might be focused on tooling, at another it might be pentesting. The most mature and security-oriented companies would focus on balancing tools, people and processes (both preventing and reacting but focusing on prevention).

I'd recommend starting with looking at the job descriptions for the roles that interest you, start building a network on LinkedIn, follow people in that field. Then take free or almost free courses on YouTube, Udemy, etc. to prepare on the topics that are mentioned in the job descriptions. Build a lab environment and practice. Hands-on experience is what is important to get a job.

AppSec requires development experience + security, so you already have a head start. Start learning about security vulnerabilities in web applications. OWASP would be your main resource. Start with the Top 10 and code review guides. To learn how to exploit those, use labs. One of the most up to date, relevant and also free would be PortSwigger Academy.

OWASP has a lot of stuff on their website. There is also an OWASP meetup in every region. Those are free and it's a good idea to attend in person. Good place to start. Do the free stuff first and grow your network.

Read about threat modeling as it's also required. At least have an understanding of what this is and how to perform it.

Certs don't look good on the resume unless the candidate is very experienced. Even though it might pass the recruiter, it will not pass the hiring manager. And it's a complete inadequacy to have certs but no, or little, experience on a resume.

To summarize, you can take these steps simultaneously(!):

- Look at the market requirements (job descriptions), get some understanding of the most common requirements and prepare at least theory so you could answer the questions during the interview. Use free resources like OWASP, YouTube, etc.
- Get some hands-on experience. At least PortSwigger Academy.
- Update your profile and grow your network on LinkedIn.
- Apply for jobs. This should be started as soon as possible. Right after you learn at least something and can put it in your resume. This will give you a better understanding of the interview process and what gaps you might have.
- Make sure your communication skills are good. The AppSec role requires a lot of communication with different stakeholders. And being able to bring your point across, and get different people on your side, is essential.
🙏