Security is All of our Problem and I Want to do Better

A number of people have asked me about my recent uptick in tweets relating to information security. Some even asked me if I had left web development. I honestly didn’t think anyone had noticed, but looking back I can clearly see how my interest in the area has been featured in my tweet stream.

Let me say that I haven’t left web development. I still love the web and the awesomeness that can be built from it. For example, I’m about to begin learning Vue.js for a new project at work and I’m really excited about getting into building a site with it. It’ll also use Webpack, TypeScript, ES2015 and WebDriver, all great modern tools that I want to learn.

But I admit that I’ve caught the security bug and I want to explore it further. When I saw the effects of WannaCry and how it could’ve had such tragic ramifications on human life, I started looking into how I could help. There’s a great intersection between web development and security when you zero in on application security. If you look at the recent Equifax breach, that’s a great example of how building secure software is so important. And seeing companies like SourceClear, Snyk and the Node Security Project sprout up further highlighted that there’s a need to do better when it comes to security. When I attended Black Hat and DEF CON in July, I was exposed to a whole new world that I hate to admit I hadn’t really considered. It made me realize how we as developers sometimes assume that security is someone else’s problem.

Security is all of our problem and I want to do better.

I’m really enjoying learning a totally new area of development that is completely out of my comfort zone and the fact that I can make it a part of how I think about building solutions is great. As I meet more infosec professionals, I’m slowly getting a picture of just how tough their work is. They have their work cut out for them trying to fend off attacks at every layer of the OSI model while still giving legitimate users the flexibility to accomplish their work. Not easy.

I want to be more security-minded as I build my apps and I want to better understand how to do it right.

Rey Bango