A request for any security engineers who are Lead/Staff/L6 level or above (e.g. Senior Staff, Principal, Sr. Principal, Architect, etc…). What advice would you give to senior engineers (and below) on things they should learn or prioritize for “leveling up” technically?

I understand a lot of what goes into promotions is not necessarily technical, i.e. politics, visibility, being on high-impact projects, etc… but strictly on the more technical plane, what skills, tools, trainings, frameworks, etc… would you recommend?

Thanks!!

  • cmg@infosec.pub
    link
    fedilink
    English
    arrow-up
    3
    ·
    6 months ago

    My #1 recommendation is reading https://staffeng.com/book. There’s so much variance between orgs at this level (or worse, implied during a reorg).

    One of the things that book helped me with is understanding the lens others view this level as four separate personas. That unlocked for me that you might be getting advice from people expecting something other than you’re going after.

    Another lens is the product engineering v corp/cloud security world. They can act very differently and you often find these roles straddling 2-3 unique orgs.

    1. Services / customer experience of what your org delivers
    2. Threat modeling mindset: look for the big picture so you can help make sure you can help put emergencies and day to day stuff in context.
    3. Get real feedback from others to put that judgement in perspective. Sometimes they are missing your perspective and other times you are off base!

    Just remember there’s a lot of variance in higher level processes. Read the book above, then read 20 job descriptions for these titles. See if you can understand what they really want from the role.