Ramon Krikken, one of the analysts at Burton Group, commented while presenting on the Security Program that security professionals with a software development background are a rare breed. Not many understand the SDLC in the security program.
Most of the time, you will see individuals with network engineering, auditing or management backgrounds in the security program. This is true according to Steve Katz, the world’s first CISO, in his blog, Choosing the Right Staff.
I, from my experience, can definitely relate to the same. There are times when I spend more time explaining the SDLC part of security to my peers. Some of them don’t even consider application security as a domain in the security program.
For now, I am proud to be part of the rare breed!