Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "secops"
Best : I moved on from Dev to SecOps and got a well paid job in a small company closer to my home. With three office dogs.
Really, the dogs are the main thing there. The money is just an additional benefit.
Worst : my Dev life keeps getting less and less relevant for me. In the last two years, I started volunteering a lot (local volunteer fire department and then some), investing into several side businesses that start paying off now, generally doing as much non-dev stuff as possible.
I wanted to do this since I was a kid, I'm good at it, but I keep finding other things to do, because they're more interesting and more of a challenge.
Honestly, the one thing that keeps me in IT is sunk cost fallacy.
Hell, I'm thinking about becoming a paramedic or something, at least I'll be helping people instead of entertaining managers.4
Frequently used answers :)
UI developer - I think API is not working
Backend developer - Front end is not sending the request correctly
Tester - Testing! Testing!
UI/UX - As per android/ios standards...
QA - Let me check one more time
PM - Let us have another meeting and get on the same page
Dev-Ops - It's very complicated you know
CTO - We're working on a next-gen solution
Founder - Let us build something that no one has built, something similar to what google...facebook...
Cridits: My EX-CPO5
How the hell do these people have a senior position?
Sdev:"The are no vulnerabilities in my code because i have Avast running at the same time"
SecOps: "<insert potoo bird reaction>"
How should you approach someone and tell them they have been an victim of social engineering without being mean?
I was at an security conference today and watched a lot of speaks, and I must say that the atmosphere and the people around made it even better.
Here is one takeaway:
Does the security of IT has to be this depressing most of the time, like there is so many IoT devices, services, websites and critical infrastructure that has security flaws and all we can do is watch for now and say we are all fucked. Then try to lead the industry to better practices, like owasp (duck it) . Stop accepting and using shitty answers from SO that has security flaws (why learn something a way that is wrong in the first place?).
We need more awareness about IT security overall, how can one developer know that certain technologies can have certain vulnerabilities such as XSS, XSRF and even SQL injection if there is no information about it in among all shitton tutorials, guides and SO answers in the first place?
Lighten up! Being sad and depressing about these issues is not the best way to approach this! We need to embrace all steps taken towards better security, even the smallest ones.
Check out OWASP if you are not familiar :
Thanks for reading.
Questions more then a rant...
I've moved from being a lead on imploring DevOps and Agile practices in a large Telco to now working for a security consultancy... The team I'm with are s*** hot when it comes to SecOps (which is why I changed jobs) and I've been hired to he the automation and working practice expert on the team. Already got some of them learning Ansible which is a great start!
I've got delivery now being pushed to Git and all client work being tracked in Jira and properly documented and collaborated through HipChat and other CI tools on the way....
My question is this... Does anyone have some awesome resources to teach people Git, Jira, Jenkins, etc. quickly without forking or branching out on expensive training? Focus on being a technical but consultative team. Ideally just wanna pull some awesome guides and make. My own commits on them for the team... Please fire a story or epic away!1
today is weekly security inspection day, security process updates, helping with change requests, and trying to complete some automation for vulnerability scans