Having started out as a web developer before transitioning and upskilling into software engineering and cyber security, Steve has the full spectrum of SDLC experience and, along with it, a keen desire to embed security into the SDLC process.
His broad technical experience makes him all the more mindful of the effectiveness and efficiencies that organisations can gain from a shift-left approach that brings security planning and considerations in earlier in the SDLC.
And it is not just his education and the experience he has gained on the job that make Steve such a well-rounded security expert. He’s organised hackathon sessions, presented to security groups on topics such as Threat Modelling, provided walk-throughs of recent breaches and shared feedback on hardware exploits at security conferences such as InfoSec and 44CON.
In early 2021, Steve, along with his partner and baby girl, relocated from England and is now based in Auckland at SEQA as a Security Consultant. Below, Steve shares his experience of what led him to transition into the cyber security field, how his insights as a developer have impacted his practice in security, and why he finds his work so rewarding.
I’ve been in various technical software roles for almost 20 years now, and the number one thing I’ve learnt in my time is… Every day’s a learning day. The breadth and depth of both development and cyber security means there is always something interesting to learn. With a supportive community around you, there are always opportunities to learn from others, bounce ideas off each other and to give back when you’ve gained mastery of a skill or technique.
I’ve seen some major changes within the IT field. Here are my top three… The move from on-prem to cloud in the infrastructure world, and the move from monoliths to microservices in the software world, then the blurring of both of these delineated areas with Infrastructure as Code.
Organisations can perform with confidence when… Security tooling, manning and processes keep up with the pace of the pipeline. And when all of these, with the exception of the last one, are shifted left in the development lifecycle, then the security controls you think you have in place are validated as being sound.
The biggest motivators that drove my initial move into IT security were… I saw security as a big problem to try and help solve. There are many aspects to it that I felt my background in software development might bring a new angle to, when the more traditional angle is perhaps from the network and administration side. Also, for me, there was a sense of social purpose behind it. Applications are ubiquitous, so it follows that security flaws would be too. Stopping or slowing down those that seek to take advantage of others is what particularly drew me to the defensive side.
When I hear “Had I known then what I know now” it makes me think… I would have championed security as a developer.
The best advice I could give someone starting out their career… Don’t feel like you have no relevant skills. Because of the diversity of the cyber skill set, there will most likely be something you can offer, so try it… as long as it’s ethical, obviously.
When I first came to New Zealand my first thoughts were… Kiwis are friendly and welcoming. Plus, there’s so much to explore, see and do.
I’d love to meet… Adam Shostack or Sean FitzPatrick.
I absolutely love… A mince and cheese pie whilst watching a game of rugby, maybe washed down with some Cassells.