I heard a similar viewpoint from what I see is a growing "trend" in security.
The change from typical "pen test" and "checklist", to "threat modeling", which takes a more incremental approach together with the development team.
Improving a few items at a time as part of the sprint. Across the whole chain (even the segments manually done by humans), onto what makes sense. Instead of overwhelming the team with a 1000 pointer checklist.
In such a setup, the security team is part of the process of the entire chain, and advice accordingly.
As such, recent recruitment by some of these infosec companies are more on generalist, than traditional "infosec graduates". Much to the horror of some of the recent infosec graduates, who is surprised to now realize they are expected to learn programming.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I heard a similar viewpoint from what I see is a growing "trend" in security.
The change from typical "pen test" and "checklist", to "threat modeling", which takes a more incremental approach together with the development team.
Improving a few items at a time as part of the sprint. Across the whole chain (even the segments manually done by humans), onto what makes sense. Instead of overwhelming the team with a 1000 pointer checklist.
In such a setup, the security team is part of the process of the entire chain, and advice accordingly.
As such, recent recruitment by some of these infosec companies are more on generalist, than traditional "infosec graduates". Much to the horror of some of the recent infosec graduates, who is surprised to now realize they are expected to learn programming.