When I joined Cigital in 1995, it was known as Reliable Software Technologies (or RST) and had a grand total of seven employees. By the time Synopsys acquired Cigital’s 500 people in late 2016, my tenure at Cigital was old enough to drink on its own, and I had moved up from lowly research scientist to Board member. I may have learned a thing or two while building a security career, or maybe not. Perhaps Frank Zappa or T.C. Boyle would know? Without further ado:
Think of these seven things as guidelines, not laws. Creating a successful security career is just as much about the journey as it is about some particular destination. Your implementation will always be uniquely yours (no matter what Zappa says).
Dr. Gary McGraw (@cigitalgem) is the Vice President Security Technology of Synopsys (SNPS), a silicon valley company headquartered in Mountain View, CA. He is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a periodic security column for SearchSecurity, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Max Financial, NTrepid, and Ravenwhite. He has also served as a Board member of Cigital (acquired by Synopsys) and as Advisor to Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary produces the monthly Silver Bullet Security Podcast for Synopsys and IEEE Security & Privacy magazine (syndicated by SearchSecurity).