Think Like a Software Engineer
Think Like a Software Security Professional
Thoughts on evolving our professions in the midst of doing them,
by Susan Sons
This talk will be most useful to software developers and those who manage, teach, and mentor them. However, anyone with an interest in information security or where software comes from may find some of the material approachable.
I'm Susan Sons, a Senior Systems Analyst from Indiana University's Center for Applied Cybersecurity Research. I've become a jack-of-all-trades sort of security engineer, but my first love was software engineering, as I came up among some wonderful old-school systems programmers.
Computer science is not software engineering.
Computer science asks what is possible.
Software engineering makes things possible...
- on a budget
- despite personnel turnover
- for users who have their own motives and constraints
- using only the tools and techniques available
- in a way that can actually be maintained
- and won't fail too much or too dangerously
- or make too many people angry
Code camp is not software engineering.
"Hands on" programming projects don't have:
- to build reliably
- to be portable
- to be documented
- to be usable
- to be secure
- to be maintainable
Curmudgeon engineer gripes about new recruits
Next at 11: water is wet!
Engineering used to be taught through apprenticeship.
Why doesn't this happen with software engineers?
- The who
- The how
- The when, why, and where
Mentoring and being a Mentee in Software Engineering
A Model for Teaching, Learning, Doing, and Communicating Infosec