This interview was cross-posted from the Veracode Community.
With his third consecutive championship in the Secure Coding Challenge – the monthly coding competition in the Veracode Community – Damian is the latest member of our community to be named a Secure Code Champion. After his win, we spoke with Damian about his experience in the competition and his career growth from a software developer into a Security engineer.
A Software Architect at SmartBear, Damian is responsible for the security and engineering excellence of the BitBar Device Cloud solution. He decided to enter the Secure Coding Challenge after seeing the announcement in the Veracode Community Forum. After his first win in May, he went on to consecutively take the top spot for the next two months. Read more from our Q&A with Damian below.
About His Experience in the Secure Coding Challenge
Q: What did you find most valuable in participating in the Challenge?
A: In every engineering challenge I’ve participated in, I always find a very interesting theoretical component that allows me to better understand the roots of the problem that must be solved.
Q: What’s your suggestion for participants to stand out in the competition?
A: Be focused and have fun. About His Experience Becoming a Security Engineer
Q: How have you grown from a software developer into a Security engineer? What are the skillsets and knowledge required for this career change? How did you acquire those skills?
A: If I’m being honest, these days, all software developers must also be security engineers. It’s funny, but I exactly remember when I decided that I had to focus more on security aspects of my work in the Summer of 2019 when I was working for BitBar (before being acquired by SmartBear) we held an annual "Quality Month." During this month, every team member was encouraged to focus on any product-related idea that they wanted to improve.
One of my colleagues proposed to me to implement OWASP ASVS 4.0 in BitBar Device Cloud, and we did it. Soon after that, we had a big external pen test, and the results were good. I think it was a game-changer. And, after that, I attended more security conferences, passed the CEH exam, and have continued to prioritize security in all I do. My Security engineer career was even more boosted after BitBar was acquired by SmartBear as the company takes security very seriously.
It was only natural for me to then join an internal SmartBear Security Guild as a representative of our BitBar Device Cloud product.
Q: What are the top 3 qualities of a successful Security engineer?
A: Continuous learning, continuous skill improvements, and the ability to be patient. Security doesn't like the rush. Be focused on the target: making your application as secure as possible.
Q: Is there any tool, resource, forum/meet-up, or course you’d recommend for developers looking to break into the security world?
A: As I mentioned earlier, for me, adopting the OWASP ASVS was a real game-changer. I’d recommend learning more about this standard if you haven’t already. @Community Announcements