
Information Security and Development Skills

What jobs in the information security realm require strong development skills?


If by development skills you mean application development skills, then yes, what Andrew Olson pointed out seems correct: you can use those skills during static-analysis code review. Code review has always been part of security engineering in most organizations. When you come to offensive security you should have strong development skills, as you will be developing exploits in order to publish or test vulnerabilities. The skills you need at this level are completely different from application development skills, which are largely based on the language and the third-party libraries available in that language. It's kind of hard to segregate responsibilities based on job role, but let me try and list some for you:
Information Security Engineer (Application Security) - Code review (both manual and automated using tools). Should have good knowledge of the frameworks and language used for the applications. A Java guy cannot review the code of a .NET application; it's as simple as that.
Information Security Engineer (Network Security) - Minimal or no use of development skills; most of the work is done with the tools available. If you google “Networking Tool” you can see almost all tools are available. Administration and configuration are the tasks that an info security engineer in this field primarily does.
Information Security Analyst (Access/Identity Management) - Same as Network Security.
Information Security Consultant - They have to be up to date with compliance, regulations and policies. They perform lots of training and workshop sessions. Soft skills are required more at this level. You don't need to be hard-core technical, but you still need to have technical skills at this level.
Information Security Manager - Same as Security Consultant; additionally they might manage other security groups. People development skill is a must, and this is a non-technical job as far as daily practice is concerned, primarily because a big part of their time goes to certification, accreditation and decision making.
Information Security Architect - Fairly good use of development skills, tools and soft skills. This role demands the right blend of domain, technology and people development skills. They make decisions on the technology stack and provide recommendations from a security standpoint.
Security Engineer (Exploit Development / Computer Forensics) - Knowledge of assembly-level language and a good command of at least one low-level language help a lot. This role is about closely monitoring the behaviour of the OS under different circumstances and building a patch for that; a fairly technical role.
Penetration Testing - Minimal development skills; tools-based, but development skills are always a plus and position you as a better penetration tester.
Personally, I feel application security and security architecture are the roles where strong development skills count.

Comments

  1. Very nice information. Application security code review automatically finds security flaws with a high degree of confidence that what is found is indeed a flaw.

  2. Appreciating the time and knowledge combined together to write the valuable content of the blog. This is the perfect blog for those searching on application security code review.
