Developer to Security Engineer career pivot
As I described in the previous post, some events might have a powerful influence on our lives and careers. And today I’d like to share the experience of a major pivot in my IT career. Probably it is one of the most significant points throughout those 14 years.
The first major event happened was when I initially switched from a System Engineer to Software Developer. Both times I just followed my gut feeling and curiosity. My first paid job in IT was a System Engineer role at the university where I studied. It involved the management of multiple web, file, and gateway servers running on Linux. I also had to deal with some network equipment, which were HP L2 and L3 devices. Close to the graduation date I got interested in programming and Ruby specifically. So I have never really lost my interest in Linux and system administration, but rather strongly focused on software development for multiple years. Many thanks to evrone.com who took me on board and provided a lot of opportunities to learn.
Since 2010 for almost 10 years I’ve been working as a Software Engineer. It was mostly backend development with Ruby programming language. At some point, I felt that I can do more than just regular programming. I started extending and diversifying my skill set so I’ve also studied and passed an exam for Certified Scrum Master title. This knowledge was very useful for my job at Toptal.com where I had an opportunity to coach and train development teams to adapt Scrum company-wide. In the meanwhile, I’ve been also coaching junior engineers in programming Ruby and software development in general at mkdev.
Several years later I felt bored again. Even though I enjoyed improving development processes in the company, I still loved programming, so I had some concerns about switching to the pure leadership ladder which was available in the company. I felt that I want to stay close to the implementation details, and get my hands dirty from time to time. Overall I was concerned about my hard skills, I didn’t want to completely forget how to program and do engineering management instead. And at some point, I accidentally learned about HackTheBox. No idea why I was not aware of CTFs existence before.
That moment completely changed my life. I fall in love with CTFs and spent the next year working on boxes there. With all my programming and sysadmin experience I got endless opportunities to learn about different vulnerabilities and attack techniques. I passed through around 100 retired machines on HTB and then switched to Offensive Security OSCP exam preparation. In addition to OSCP course material and lab, I’ve also passed most of the available machines on OffSec’s Proving Grounds at that moment. At the same time, I switched my work position to Security Engineer within the same company. Many thanks to Toptal team for that opportunity.
All those events led me to a completely new work approach. I don’t write much code these days, though I still read it a lot. Even though I’ve started my security journey from the offensive side, I mostly focus on the defense. My goal is to improve company work processes to make them safer, introduce security in developers’ minds and align with different security audits. At Toptal our team used to be called SecOps, at Hubstaff I lead the DevSecOps team. But in both cases, I had to deal with a broad variety of activities, from reviewing application code to dealing with external security auditors. Technology-wise every new day brings new challenges that I enjoy so much!
In a summary, I’d like to encourage everyone to listen to their gut feeling and do not afraid to change their professional focus. The IT industry is huge and gives you endless opportunities in different domains. Whatever you had been doing before, try to leverage your experience for the great good. Everyone deserves a job that brings joy, and you can make it happen.