Introductions
About Me
I’m a security engineer. Other titles, depending on how I want to be perceived: security manager, director of security, software engineer, security. Information security is very important to me, but I rarely if ever identify as infosec. Get your checklists away from me. Learn how to cd.
My background is in full-stack software engineering. I’ve worked on systems at banks, the DoD, global online marketplaces, universities. I worked for a product consultancy for a few years - that taught me how to gain situational awareness and prove my value quickly.
I love security engineering because it’s systems thinking, it’s endlessly deep, and because it lets me feel like I’m doing something good in the world - or at least, not contributing to the bad.
For the past several years, I’ve been building security programs for product companies. I’m also starting to consult independently with smaller orgs. When I accepted my most recent security role, I realized that this is really who I am now. This is my career.
I’ve decided to start documenting, so that every time it’s a little easier, and I can get to the meat of my work faster.
What to expect
I’m planning to catalogue the activities of standing up a functional security program, in roughly chronological order, with as much detail as I can (while maintaining my obscurity). Hopefully this will keep me more organized, but perhaps it will also help other security-minded engineers looking at a blank slate think about where to start.
Logistics
I’ll be posting weekly
Paid and subscriber posts are the same for now, but if you find this valuable, feel free to subscribe as a “thank you”