nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqe7rqcsp5pypj3ac5wxnvgnwxmdl5the60wggwlqytaxm9kql0cdsaxd2rl (nprofile…d2rl)
The last time I was hiring for a direct security role, it was shocking to see just how far the hyperspecialization had gone. I live very much in blue team, and trying to find blue team appsec people was effectively impossible. I ended up grabbing a security-interested junior-ish dev and mentoring her into the role instead. For most of the small (<150 engineers) firms I work with, it's always going to make more sense to outsource audit, including more serious code audits — the work is bursty and irregular — but we still need in-house folks helping devs with SAST, doing internal training, and working with engineers on vuln fixes. It's not sexy enough, though, not red team, so finding folks is a nightmare.