Think Like a Software Engineer

Think Like a Software Security Professional

Thoughts on evolving our professions in the midst of doing them,

by Susan Sons

Welcome!

This talk will be most useful to software developers and those who manage, teach, and mentor them.  However, anyone with an interest in information security or where software comes from may find some of the material approachable.

About Me

I'm Susan Sons, a Senior Systems Analyst from Indiana University's Center for Applied Cybersecurity Research.  I've become a jack-of-all-trades sort of security engineer, but my first love was software engineering, as I came up among some wonderful old-school systems programmers.

Computer science is not software engineering.

Computer science asks what is possible.

Software engineering makes things possible...

  • on a budget

  • on schedule

  • despite personnel turnover

  • for users who have their own motives and constraints

  • using only the tools and techniques available

  • in a way that can actually be maintained

  • and won't fail too much or too dangerously

  • or make too many people angry

Code camp is not software engineering.

"Hands on" programming projects don't have:

  • to build reliably

  • to be portable

  • to be documented

  • to be usable

  • to be secure

  • to be maintainable

  • users

Curmudgeon engineer gripes about new recruits

Next at 11: water is wet!

Engineering used to be taught through apprenticeship.

Why doesn't this happen with software engineers?

  • The who
  • The how
  • The when, why, and where

Mentoring and being a Mentee in Software Engineering

The ISPP:

A Model for Teaching, Learning, Doing, and Communicating Infosec

Think Like a Software Engineer, Think Like a Software Security Professional

By Susan Sons

First given at the 2 November 2016 meeting of Brooklyn OWASP, this talk gives a view of critical software engineering practices and mindset missing from the traditional CS education path, how to teach them, and how they bridge to software security practice.
