As stated in title, how did you get into security? I’m a senior software engineer with ~10 years of full stack web app development experience. I’ve been learning more about security, getting into CTFs and bug bounties. Still exploring all possible potential security related roles, though potentially interested in AppSec, product security, or general blue teaming. Very interested in hearing from former SWEs who transitioned into security, but happy to hear from anyone in a security role. TC: 320k
How is it at snap?
Start with risk modeling frameworks and threat modeling. With an SWE background you should be able to relate to the challenges, and it will give you a good base. After that you can go into pentesting.
Can I dm?
I took 3 months off from work studying for the OSCP. I didn't pass it, but the knowledge I gained was enough to get me a junior security job. A few months into that job I finally passed the OSCP exam. IMO having SWE experience puts you way above pen testers who don't have that experience.
First SWE job out of college I built a tool for the security team then they asked me to join them. All in all a solid move, but now I've lost most of my coding skill which kinda sucks lol
I got in from data analytics. You will see a lot of people coming in from different backgrounds in security. Data analytics made sense as I was using Splunk a lot and doing detection and IR work. Now moving towards automation and remediation of the detections/alerting.
There’s tons of ways to break in, but with your experience you’d probably only find AppSec/Product Security roles palatable. It’s not like you’re going to go be a SOC analyst or go run a HITRUST audit.
I am in an intersection of distributed systems and security. From my experience (definitely less than yours), I think you should first try to get into a security infra team as a SWE, since it's more relevant to your experience. Getting exposure to security as a domain is very easy here. After that, hopefully, pivoting to security must be easier. At least that's my plan ...