this post was submitted on 09 May 2024
16 points (100.0% liked)

cybersecurity

3227 readers
5 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
shellsharks@infosec.pub
tweedge@infosec.pub
16
Request: Guidance from Staff+ Security Engineers (infosec.pub)
submitted 6 months ago by shellsharks@infosec.pub to c/cybersecurity@infosec.pub
4 comments fedilink hide all child comments
 

A request for any security engineers who are Lead/Staff/L6 level or above (e.g. Senior Staff, Principal, Sr. Principal, Architect, etc...). What advice would you give to senior engineers (and below) on things they should learn or prioritize for "leveling up" technically?

I understand a lot of what goes into promotions is not necessarily technical, i.e. politics, visibility, being on high-impact projects, etc... but strictly on the more technical plane, what skills, tools, trainings, frameworks, etc... would you recommend?

Thanks!!

you are viewing a single comment's thread
view the rest of the comments
[–] cmg@infosec.pub 3 points 6 months ago (1 children)

My #1 recommendation is reading https://staffeng.com/book. There’s so much variance between orgs at this level (or worse, implied during a reorg).

One of the things that book helped me with is understanding the lens others view this level as four separate personas. That unlocked for me that you might be getting advice from people expecting something other than you’re going after.

Another lens is the product engineering v corp/cloud security world. They can act very differently and you often find these roles straddling 2-3 unique orgs.

  1. Services / customer experience of what your org delivers
  2. Threat modeling mindset: look for the big picture so you can help make sure you can help put emergencies and day to day stuff in context.
  3. Get real feedback from others to put that judgement in perspective. Sometimes they are missing your perspective and other times you are off base!

Just remember there’s a lot of variance in higher level processes. Read the book above, then read 20 job descriptions for these titles. See if you can understand what they really want from the role.

[–] stevedidwhat_infosec@infosec.pub 2 points 6 months ago

<3 Threat Modeling <3