« Dublin School of Security Logo
Crash Dump Analysis Patterns (Part 113) »

The New Journey of The Software Professional

Having spent 16 years in software engineering I ventured into software support in 2003 (with 8th year started at the time of this writing). Now it is time for the next gradual shift into software security (the domain I previously had exposure to but not as a primary focus):

The title of this post is borrowed from the book I read from cover to cover long time ago and recently put on my desk again:

Journey of the Software Professional: The Sociology of Software Development

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

This entry was posted on Friday, October 29th, 2010 at 3:43 pm and is filed under Announcements, Books, Dublin School of Security, History, Memory Analysis Forensics and Intelligence, Software Engineering, Software Technical Support. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “The New Journey of The Software Professional”

  1. Knyghte Says:
    October 29th, 2010 at 4:36 pm

    Congratulations, Dmitry! I wish you the best on this new voyage; please stay with your positive and cool attitude, the IT security environment is highly competitive, in part it’s a meritocracy, there’s a frequent bad attitude towards the software development and highly inflated egos. It has its very good aspects, but I see what I’ve described everyday.

    Don’t you let people change you!

    Cheers!

  2. jduck Says:
    October 29th, 2010 at 5:16 pm

    Nice. If you have any questions I’m willing to help you :-)

  3. Jamie Faye Fenton Says:
    October 29th, 2010 at 10:27 pm

    Software Support => Software Security

    It is a logical progression of sorts. A really well implemented operating system should make support issues much less rampant, as well as making security issues much less problematic.

    A security hole is taking advantage of a bug — if bugs can’t have unexpected consequences (like handing something root access, or creating an opprotunity to tell a lie), then the system is fundamentally more secure.

    One gentleman with an extraordinary insight into security issues is Mark M. Miller, currently of Google. I have learned more from him than anybody else. One of his sayings that I cherish is:
    “Never prohibit what you can’t prevent”. MarkM was and is a real fan of the “capability security model”, which I strongly recommend you learn about (if you don’t already know about it).

    My other guru-level saint in this field is Bruce Schneier , who has a different take than MarkM does - which is to make sure you focus on the real threats rather than the theoretical ones, and that you don’t panic.

    So will you be shifting more into forensics now?

    – Jamie F.

  4. Dmitry Vostokov Says:
    October 29th, 2010 at 11:33 pm

    Thank you all for encouraging comments! ;-)
    Dmitry

Leave a Reply

You must be logged in to post a comment.