
Slide 1: Emerging Roles in Application Security
Hiring trends and career strategies.
Jeff Combs, Senior Recruiter, Alta Associates, Inc.
OWASP AppSec, June 2004, NYC. http://www.owasp.org
Copyright © 2004 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.

Slide 2: Overworked AppSec Professional's Drinking Song
99 vulnerabilities in the code, 99 bugs in the code,
Fix one bug, compile it again, 101 vulnerabilities in the code.
101 vulnerabilities in the code, 101 bugs in the code,
Fix one bug, compile it again, 103 vulnerabilities in the code...

Slide 3: Alta Associates, Inc.
Specialists in Information Security
- 17 years of experience
- Security focused since 1994
- Front row seat to the growth of an industry
- Builders of wide and deep professional networks
- High level perspective on emerging trends and developments in our industry

Slide 4: Corporate Clients
- Financial Services
- Healthcare
- Manufacturing
- Pharmaceuticals
- Retail
- Utilities

Slide 5: Professional Services
- Public Accounting Firms
- Pure-play Information Security Consulting Firms
- Product Vendors with consulting services
- Managed Security Service Providers
- Management Consulting

Slide 6: Product Vendors
Software, Hardware, Research and Development
- Founder level startups
- High growth up-and-comers
- Established companies needing fresh talent
- Industry giants

Slide 7: August 2001
A CISO from a major investment bank called asking for help and said: "I don't know if this person exists, but I know what I need them to do."

Slide 8: I'm looking for someone who can:
- conduct vulnerability assessments on new and existing applications;
- work with developers to address vulnerabilities and remediate problems;
- teach developers how to write better, more secure code;
- act as a liaison between Information Security and application development teams firm wide.

Slide 9: Someone who:
- has an application development background;
- understands and has a passion for security;
- is outgoing and a good communicator.

Slide 10: Fast Forward
Due to an increase in awareness (partly due to the efforts of OWASP and the highly publicized challenges faced by companies like Microsoft)...
- Application Security is an issue that every organization is working to address.
- Application Security has become a specialization within Information Security.
- Newly defined roles and career opportunities are emerging.

Slide 11: Application Security Opportunities
Professional roles in Application Security are in a constant state of flux. They're currently being defined and continually being redefined. The goal is the same: address application related vulnerabilities, minimize application risk.
General Role Profiles...

Slide 12: Corporate Application Security Roles
Key objectives:
- Assessing, reviewing, remediation
- Evaluating application risk
- Promoting awareness
- Educating developers
- Providing SME to ongoing and new projects
- Understanding compliance issues, standards

Slide 13: Professional Services
Key objectives:
- Evaluation of application development processes and procedures
- Infrastructure and platform security testing
- Review of the application's architecture and source code
- Functional security testing, Penetration Testing
- Secure application development
- Provide recommendations
- Fly off into sunset

Slide 14: Vendor Roles
Key objectives:
- Application security tool development
- Vulnerability research and development
- Product development
Position types:
- Professional Services / Sales Engineering
- Product Evangelizing / Strategy
- Product Management
- Sales and Marketing

Slide 15: Career Development Strategy: A Big Picture View

Slide 16: DISCLAIMER
The advice I'm about to offer is not given to help you write a better resume, figure out which certification to get or pick which tie to wear on an interview. The insight I'm about to provide is deceptively simple in nature, but if used and applied appropriately, both short and long term career success will result.

Slide 17: Culture Shift
Aside from the traditional qualifications that get people hired, like hard skills, technical knowledge and experience... there is a culture shift within our industry that every security professional needs to be aware of, and a way to stand out above your peers that will give you an advantage when seeking your next position.

Slide 18: Backroom to Boardroom
Technology is taken for granted. Information Security is less and less considered an elite "dark art" by executive management. In an effort to better align itself with business objectives, Information Security is being redefined as an Operational Risk Management discipline.

Slide 19: What does this mean to you?
It means that no matter where you stand, from technically focused engineer to executive management with an acronym for a title... you need to understand the work you're doing in the context of the business you support, the forces that affect it and the priorities that shape its direction.

Slide 20: Why?
Because it is more critical than ever to be seen as part of the solution, to be seen as an enabler and to be seen as a person who "gets it" in the eyes of decision makers. This is the way to gain credibility and visibility with those who have an impact on the success of your career.

Slide 21: HOW?
- Know and understand the industry you support.
- Understand the language of business and learn to define your efforts as a security person in this context.
- Learn the discipline of Risk Management and use this knowledge to help you develop better risk driven Security solutions.

Slide 22: Standing Out, Standing Apart
Despite the fact that Application Security professionals with the right combination of hard and soft skills are in high demand, there is always competition for the best jobs. To rise above the competition and stand out as the better candidate you need to find ways to differentiate yourself.

Slide 23: Ways to Differentiate
- Technical ability, experience and exposure
- In-the-trenches Application Security experience
- Involvement with OWASP, industry groups and research projects
- Published papers, speaking engagements
- Tool and methodology development
Having real world application security experience is a significant differentiator, but this will only help in the short term while market demand is hot. Unfortunately, most of us will still have to work beyond this timeframe and need to plan accordingly.

Slide 24: Ways to Differentiate, Beyond Technical Ability
Find ways to define your accomplishments in terms that are relative to the success of the business you're in:
- increasing revenue
- reducing cost
- saving time
- saving resources
- executing
- enacting change
- enabling

Slide 25: The Results
Employers and decision makers will view you as: well rounded, business savvy, progressive, professionally mature, and most importantly... as someone who stands out from all of the other people they've been interviewing or considering for promotion.

Slide 26: That's all folks...

Slide 27: Thank you.
Alta Associates Inc. Leaders in Human Capital Risk Management
