4 Things to Expect When You’re the Only Security Engineer on a Developers Team
29 oct. 2019
Every start-up reaches the point where having developers take care of security is not enough. A security engineer needs to be hired to do the trickier stuff, such as monitor networks and systems for vulnerabilities, or create a set of security standards and practices. Does that sound like the job you’ve just signed up for? Lucky you! But here are some things you need to be aware of before your first day if you’re going to survive.
1. You’ll be told that your code is not clean enough.
As a security engineer, you’ll sometimes have to code—to automate security checks, for example. You’ll also need to know how to code in order to be able to understand developers’ code. But you’re not a developer, which means that your expertise is more about platforms than coding. So, yes, you’re not an expert in programming languages—but you have so many other technical skills!
2. You’ll be teased about preventing sprints from ending.
Your rhythm is different from that of developers, who usually work with sprints. Your issues can take one quarter or more to be fixed and your goals are definitely more long-term than theirs. This means that, at some point, you’ll probably prevent a sprint from ending because you need to deprecate the version of a library to a more secure one. But stick to your guns—it will be for a good reason, no matter what the developers are saying!
3. You’ll be assured that vulnerability bugs can be fixed later.
In order to finish a sprint, developers tend to release a feature even when there’s a pending risk, especially if it can’t be seen by the client. They promise they will come back to it later… So make sure your keep track of those bugs.
4. You’ll need to share your knowledge with developers
Developers will be able to find vulnerabilities on their code if you are willing to share your knowledge about security with them. And doing so will allow you to spend more time on more complex and transversal topics. Of course, you’ll need to give them proper training so that they don’t end up creating new security bugs while fixing one. And not only will this help you to get to know them better, developers will also teach you a lot, too!
When you are the only security engineer on a team of developers, it’s important to remember that your skills are complementary to those of your colleagues and that some of them worked on security issues before your arrival. Explaining your work to developers who are not completely aware of what you are doing, as well as training the ones who want to learn, will make it possible for you to become fully part of the developers’ team—and not just be seen as the one who blocks sprints.
This article is part of Behind the Code, the media for developers, by developers. Discover more articles and videos by visiting Behind the Code!
Want to contribute? Get published!
Follow us on Twitter to stay tuned!
Illustrations by WTTJ
Inspirez-vous davantage sur : Offbeat
Thinking outside the box once in a while is essential while coding. Take a step back on your day-to-day developer tasks and discover how other people use the same technologies and tools as you to create amazing things.
Poem #4: Firefighting
Enjoy this poem program written in the Python programming language that generates an ASCII art fire animation.
19 déc. 2019
Poem #3: Avalanche of Stars
Enjoy this poem program written in the C programming language that generates ASCII art mountainscapes.
12 nov. 2019
Poem #2: Alphanumeric
Enjoy this poem program written in the Julia language that uses a simple statistical model to generate endless paragraphs of redacted text.
03 oct. 2019
Tired of Chrome? Try These Six Browsers
Are you tired of Chrome, Safari and Firefox? Here are six alternative browsers to consider if you’re looking for a different Internet experience!
01 oct. 2019
Poem #1: Submarine
Enjoy this poem program written in the J programming language about cross-Atlantic electric and fiber-optic cables being draped across the seabed.
12 sept. 2019
La newsletter qui fait le taf
Envie de ne louper aucun de nos articles ? Une fois par semaine, des histoires, des jobs et des conseils dans votre boite mail.
Vous êtes à la recherche d’une nouvelle opportunité ?
Plus de 200 000 candidats ont trouvé un emploi sur Welcome to the JungleExplorer les jobs