Hello! My name is Mike and I am an infosec engineer with 10+ years experience. I’ve worked in GRC, Vulnerability Management, PenTesting & AppSec. I have 17 SANS certs (I have a serious problem) and I’m also an infosec community enthusiast and creator/mod for /c/cybersecurity. AMA!

  • s1l3ntk1ll3r@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Thank you! Yeah, I see myself in that deathtrap of trying to build out roadmaps and taking on way too many things a little too often haha. I definitely agree with you that AppSec is one of the most interesting security disciplines out there atm.

    Given my background, I tend to gravitate towards breaking and a fair bit of defending but I’m fairly green when it comes to building. That said, I’m trying to improve my dev skills to be able to understand a developers mindset and be able to design and build an AppSec program from that PoV. On the same note, I’ve been looking into the CSSLP cert as a reference to help me along this journey, any thoughts on the cert or the material?

    Appreciate the response and I look forward to your new content.

    • shellsharks@infosec.pubOPM
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Haven’t taken the CSSLP nor have I seen it asked for very much on job reqs. It wouldn’t hurt to have but ISC^2 doesn’t exactly have the reputation for practical learning.