One Article Review
| Source |  Veracode |
|---|---|
| Identifiant | 3599866 |
| Date de publication | 2021-11-02 14:09:27 (vue: 2021-11-02 19:05:37) |
| Titre | Champion Spotlight: Cris Rodriguez |
| Texte | This interview was cross-posted from the Veracode Community. Join us in congratulating Cris, the latest Secure Code Champion in the Veracode Community! The Secure Code Champion is an award that recognizes individuals with three championships in the Veracode Community's Secure Coding Challenge competitions. Cris is a principal-level Application Security engineer in a large global travel technology company. In this role, he focuses on application penetration testing and setting the strategy for migrating their apps over to Google Cloud. Before entering the security space, he was a software developer for five years. In this interview, we asked Cris about this experience participating in the Secure Coding Challenges and his career change story. He talked about how he made the career switch from a developer to become a security engineer, and what he thinks is important for someone to be successful in this role. For developers considering a similar career move, he also shared the resources that he found most helpful. About Your Experience in the Secure Coding Challenge What brought you to the Secure Coding Challenge? I got an email about the competition and I enjoy a good challenge. What did you find most valuable in participating in the Challenge? Since there were multiple languages, we were able to experience different solutions for a single bug class. That was helpful since most companies use many languages for their apps. What's your suggestion for participants to stand out in the competition? Trust your instincts and be familiar with using a command line and coding project directory tree. As a security engineer, you'll need to be able to dig into your organization's code if you want to be able to help your developers succeed. About Your Experience Becoming a Security Engineer How have you grown from a software developer into a Security engineer? What are the skillsets and knowledge required for this career change? How did you acquire those skills? I was a software developer for five years before I switched over to security. When I made the switch, I was focusing on penetration so I read as many bug bounty write-ups as I could find and watched many more YouTube tutorials. Hack the box and pentester academy have been very helpful in my learnings. What are the top 3 qualities of a successful security engineer? Attention to detail:We are looking for bugs in code that work so you have to understand what makes a component vulnerable. Communication:The developers are going to push back sometimes so being able to communicate with them is key Vulnerability Knowledge:When the developers push back on a vulnerability you really need to have the knowledge of why it is important to fix it. It also helps if you can demonstrate how the vulnerability can be exploited. Is there any tool, resource, forum/meet-up, or course you'd recommend for developers looking to break into the security world? Read the disclosed write-ups at HackerOne and Bugcrowd. Also, here is a link to a great repo that gathered a lot of write-ups. https://github.com/devanshbatham/Awesome-Bugbounty-Writeups Questions about becoming a security engineer? Or, if you're a fellow security engineer, let's connect! You can follow me on Twitter @Nimbus689 or connect with me on LinkedIn. https://www.linkedin.com/mwlite/in/cristobal-rodriguez-03b3b079 |
| Envoyé | Oui |
| Condensat | 03b3b079 @nimbus689 able about academy acquire also any application apps are asked attention award back become becoming been before being bounty box break brought bug bugbounty bugcrowd bugs can career challenge challenges challenge competitions challenge champion championships change class cloud code coding com/devanshbatham/awesome com/mwlite/in/cristobal command communicate communication:the community companies company competition component congratulating connect considering could course cris cross demonstrate detail:we developer developers did different dig directory disclosed email engineer engineer enjoy entering experience exploited familiar fellow find five fix focuses focusing follow forum/meet found from gathered global going good google got great grown hack hackerone have help helpful helps here his how important individuals instincts interview join key knowledge knowledge:when languages large latest learnings let level line link linkedin looking lot made makes many migrating more most move multiple need organization out over participants participating penetration pentester posted principal project push qualities questions read really recognizes recommend repo required resource resources rodriguez role secure security setting shared similar since single skills skillsets software solutions someone sometimes space spotlight: stand story strategy succeed successful suggestion switch switched s secure talked technology testing them the veracode thinks those three tool top travel tree trust tutorials twitter understand ups use using valuable veracode very vulnerability vulnerable want watched what when why work world write writeups years you your youtube https://github https://www |
| Tags | Hack Vulnerability |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.