I’m sure I am not alone here - but at one point in my engineering career I had helped build a platform, and only after building it did we come to the threshold that was - “Has this been evaluated by security?” I.e. traditional silos and the need to evaluate for compliance across controls that may or may not apply.

In the era of DevSecOps, the Sec was never integrated. Embarrassing from some perspectives, but I had no background to even know what standard we would be evaluating the platform against. Ignorance does not get a free pass though - and it instilled a need to understand why there wasn’t any data to pull for re-use. This activity is done time and time again with many of the same tools and architectures, and yet each one is done in a silo? That didn’t sit well with me.

Commit Signing

Let’s start with WHY?

Neat article on this topic - FBI Warning

The article above lays out a few supply chain security attacks that are applicable to software development. The TL;DR is that, without signing your commits, there are ways to impersonate your GitHub account through fairly trivial means. This is a pretty scary thought - impersonation is a pretty simple social engineering attack that could result in someone letting down their defenses when they otherwise shouldn’t - or worse, attributing some known bad code to someone else in an attempt to degrade their reputation.

Experimentation for Growth

Series: Development

I am a firm believer that a continuous growth-mindset is essential for any developer (and any other person to be honest). We execute day-in and day-out and more often than not will find ourselves playing to our strengths and focusing on the mission need instead of poking at every new skill and programming language under the sun.

Devoting yourself - your time, energy, focus and grit towards the skills you know will be required for making the next big decision is a great way to continue to grow. You’ll often find yourself sitting in a position of holding subject-matter-expertise and providing that knowledge to help inform greater entities (team, company, etc) on how to execute well.

It’s amazing to me the return on investment that comes from a company investing in themselves. Every month we’re given 2 days and the ability to focus on an area of experimentation that could align with our mission objectives.

July 2022 - A small team formed to discuss the topic “OSCAL”. That’s it - no prior solutioning or planning, just prior knowledge from a few on other R&D engagements that informed us OSCAL was a topic we wanted to look at.

Another wellbeing topic - as I believe people need reminders on a regular basis. This one is important to me because it comes from a conversation with a friend.

Self Perception: How do you perceive yourself - here and now - as well as where you believe you can go.

Self-deprecating comments can be fun jokes at the expense of oneself and do no harm when you know the truth behind them. But the other side of the coin is that imposter syndrome would not be a thing if not for the doubt that lives in the minds of others.