#security (2022-12)
Archive: https://archive.sweetops.com/security/
2022-12-08
In my quest to get the company ISO27001 certified I have come across a control where I need to document where I’m signed up for Security alerts and updates. Anyone know of good emailing lists or services updating you on the latest trends in security?
This is honestly the most difficult question to answer, as each individual has a feed of their interests, or needs. I started with this list, but I wouldn’t call it extensive - https://blog.feedspot.com/cyber_security_news_rss_feeds/
I know, I already feel fairly up to date on security news without being subscribed to any newsletters.
Thanks for the link collection, looks good
Set up Renovate on your repos, and Mend if you have paid version. Dependabot as well can be useful but less flexible.
Now you’ll get PRs for security updates and advisories in GitHub. Other platforms have similar setup. First thing I do in a project/org.
2022-12-09
2022-12-13
Hello all! I wanted to see if anyone had suggested training for breaking into security. My brother is looking for a career change and is currently looking into a security bootcamp through ASU. The bootcamp is pretty pricey at $15k, but it is a 6-month program. I’m helping him learn git/bash/etc, but I’m probably less efficient at teaching him security-related stuff.
I’ll tell him to get started on the “Hundreds of courses. Thousands of labs. Endless possibilities.”
I always tell friends/coworkers don’t “get into security”. Look at the Reddit threads. It’s not common to hire junior security team members and it’s a small small percentage of a company. Do more cloud engineering or SWE work and deep dive into security but don’t think of it as your only thing. Being more well rounded is important and specialization later. More detailed stuff can be found in Reddit and such. Hope that’s semi useful
@sheldonh that’s actually a good and fair assessment. I have a similar feeling about “DevOps”. It takes a lot of different technical expertise to get into it, but that doesn’t mean people shouldn’t try or that a path shouldn’t be created for people to get there. I’ll take a look at Reddit too and hoping that my brother will find out what really attracts him to security to help guide him. I’ll take a look at the Reddit threads too.
DevOps is much different, imo, as it stands today in most companies. Junior engineers are fine there. Lots of opportunities.
But you don’t go from zero to “I’ll be responsible for securing your network” or “I’ll handle your cross-region data replication”.
Personally I think “security engineer” is a more specialist/dying breed in general. I think most companies only have 1-2 that I’ve worked at.
I think the path is if you’re interested in security, the best path forward should be rounding out your technical understanding in many areas and then specializing in security once you have a general knowledge of the field. The key is that the path is not going straight into it but that it’s a possible option as you gain experience.
It’s sort of like somebody saying “I want to be a manager” out of high school, so they go that path thinking “I am going to be a VP”. There’s a path to get there, and it requires more low-level people management skills and finally broader levels of responsibility.
Anyway, it’s a good chat. Feel free to discard anything you don’t agree with. Had to think on this a bit lately with multiple people asking me for pointers on which path to take. I kinda feel cloud engineering in general is so accessible, and specializing later is always an option. Cheers!
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on…
(via @matt)
Thank you Erik!
2022-12-15
2022-12-16
2022-12-21