I am a Developer Advocate for Security in Mobile Apps and APIs at approov.io.
Another passion is the Elixir programming language that was designed to be concurrent, distributed and fault tolerant.
Location
Scotland
Education
Self-taught Developer
Work
Developer Advocate for Mobile and API Security at approov.io
What does the interview process look like for security engineers?
I am not responsible for hiring, but I know that when they hired me for the Developer Advocate position, they were looking for an individual with a security mindset and with coding skills in the API and Mobile Apps landscape. In my case I had to do a presentation where I would evaluate a demo the company uses and show my knowledge around certificate pinning in mobile apps. They gave me around 2 weeks to prepare for it, and as part of that preparation I wrote some notes here.
When the CTO is back from holidays I can ask him what is more important to him when hiring a security engineer.
What's the hardest part about advocating for security?
It's that people think that it only happens to others, and that we are being paranoid, and this even after you present them with some links to concrete cases of monumental failures in addressing the security basics in a project.
It becomes easier to advocate when your audience has already felt in their own skin the experience of their application being hacked, but even in this situation you still have developers and businesses refusing to treat security as a first-class citizen.
Security must be present in a project from day zero, not as an afterthought, because after you have built your prototype, more often than not it will become the MVP (Minimal Viable Product), thus making it more difficult to add security into it due to decisions made in earlier stages.