Comment on Request: Guidance from Staff+ Security Engineers
cmg@infosec.pub 5 months ago
My #1 recommendation is reading staffeng.com/book. There’s so much variance between orgs at this level (or worse, implied during a reorg).
One of the things that book helped me with is understanding the lens others view this level as four separate personas. That unlocked for me that you might be getting advice from people expecting something other than what you’re going after.
Another lens is the product engineering v corp/cloud security world. They can act very differently and you often find these roles straddling 2-3 unique orgs.
- Services / customer experience of what your org delivers
- Threat modeling mindset: look for the big picture so you can help make sure you can help put emergencies and day-to-day stuff in context.
- Get real feedback from others to put that judgement in perspective. Sometimes they are missing your perspective and other times you are off base!
Just remember there’s a lot of variance in higher level processes. Read the book above, then read 20 job descriptions for these titles. See if you can understand what they really want from the role.
stevedidwhat_infosec@infosec.pub 5 months ago
<3 Threat Modeling <3