Become an Application Security Engineer | Roadmap

  • Published on 3 Aug 2024
  • In this video I clarify the confusion around Application Security and I share with you how you can become an Application Security (AppSec) Specialist or an Application Security Engineer.

Comments • 90

  • @victorboyi6383 11 months ago +27

    Protect this guy at all costs

    • @UnixGuy 11 months ago +1

      lmao thanks man

    • @tobby_fabulous 10 months ago

      He's doing well 😊

    • @King_Prodigy 2 months ago

      I'm in a full stack bootcamp and wanted to get into application security engineer. I don't have a degree but I'm working on getting my security plus cert. This video helped a lot but wanted to know if I'm going in the right direction

    • @abdulvakeel2150 26 days ago

      Seriously Dude.. He's the best.

  • @muyideenkazeemoluwadare3720 10 months ago +5

    Thank you Sir, I passed my CySA+ exam today (16-09-2023). I thank you so much for your help and guidance. God continue to bless you

    • @UnixGuy 10 months ago

      🙏🏻

  • @vrunsidhu5707 1 year ago +6

    hey i just want to thank you for making these videos. recently, due to a medical issue i was rejected from joining my country's military. i had been planning my since i was 7 or 8 to join the army, i felt lost and didn't know where to go. eventually, i settled on cyber security and your videos have really helped me narrow it down and plan a solid road map.

    • @UnixGuy 1 year ago +2

      Glad I was able to help Vrun, all the best my friend

    • @toddh3704 10 months ago

      @@UnixGuy thank you for making the video. It is very interesting. Do you know if the IBM certification for Application Security Engineer is worth it?

    • @UnixGuy 10 months ago +1

      @@toddh3704 yes it's ok

    • @toddh3704 10 months ago

      @@UnixGuy thank you. We all greatly appreciate all your videos. I just started watching today.

  • @greysonbennett6788 1 year ago +1

    I was just given advice about this by a person in the industry as well; thanks for this well structured video.

    • @UnixGuy 1 year ago +1

      Awesome! There is a huge demand for AppSec, are u thinking of getting into it?

    • @greysonbennett6788 1 year ago +1

      @@UnixGuy yes initially I was thinking of heading to study for the AWS solutions architect cert but decided to veer off in another direction. There is someone I know that works in the field and he mentioned it'd be a better idea to start around here and then if I want to do cloud security to switch after.

    • @UnixGuy 1 year ago +1

      @@greysonbennett6788 no reason why you can’t do both, cloud skills will always be handy

  • @BobBob-qm2bm 1 year ago +10

    Thank you for explaining the Application Security landscape. INE has updated eJPT to version 2 with more industry relevant content. Several streamers have mentioned a shortage of qualified people for the AppSec field. Please share your thoughts on this issue. Also, keep on rocking the content U.G!

    • @UnixGuy 1 year ago +4

      Hey Bob, I agree there is a big shortage of ‘GOOD’ AppSec specialists! Key word is good, so if someone is really good in this area they’re gonna have an excellent career

    • @BobBob-qm2bm 1 year ago +1

      @@UnixGuy Thank you. Being good is key! Also, finding that good training to become a 'GOOD' AppSec specialist. 👍

    • @UnixGuy 1 year ago

      @@BobBob-qm2bm 100%

    • @Damo_LowEnd_or_NoEnd 10 months ago

      Question how can u get the experience you need in this field with no background knowledge

  • @muyideenkazeemoluwadare3720 11 months ago +1

    Thank you so much. I am sending you this short message as an appreciation to you. I was able to get 4 certifications (CompTIA Security+, SC-200, AZ-104, SC-100) in 4 months with your motivation and encouragement. Even though I have not landed my first job but I believe I will soon. Keep up the good work. God continue to bless you and your entire household.

    • @UnixGuy 11 months ago

      so glad to hear it! congrats and I’m sure you will land a job soon if you keep applying!

  • @viq234 1 year ago +4

    I'd like to mention DAST, SAST and IAST. These are point and shoot type scanners that you can use throughout the SDLC

    • @UnixGuy 1 year ago +1

      Excellent points, agreed.

  • @TaelurAlexis 1 year ago +1

    You hit the nail on the head! My mentor is a DevSecOps engineer and a lot of what he does is cloud security, container security and integrating security into the CI/CD pipeline which is a lot of what I’ve seen in appsec postings lol he just doesn’t know how to code. Whereas I just got hired as an appsec analyst work where I’ll be doing lots of code review and working on a SAST tool however lol. These terms are really vague and inconsistent lol 😅. Would you say cloud certs would be relevant for me on top of PortSwigger and pentesting certs? Because I do want to ultimately be an appsec engineer.

    • @UnixGuy 1 year ago +1

      focus on portswigger / pentest and if u have time for sure cloud is helpful

  • @hectorvasquez6128 1 year ago +1

    Love the vids bro, would you recommend WGU University for B.S Cybersecurity & Info assurance? Thanks!

    • @UnixGuy 1 year ago

      I certainly do, talked briefly about it here: Western Governors University (WGU) Degrees | Cyber Security
      th-cam.com/users/shortsWJs-oh1IIJc?feature=share

  • @haxguy0 1 year ago +3

    I'm the only app sec analyst at my company and I'm expected to build out the app sec program. I feel a bit lost and overwhelmed. I'm attempting to slowly make changes that will move everything to be more secure

    • @UnixGuy 1 year ago +2

      Hey Charles, it’s not uncommon to be the only AppSec person unfortunately, as I said in the video people generally don’t understand this field very well.
      I recommend you start by ensuring there are checks against OWASP top 10, and secure coding reviews are conducted before going to prod
      good luck!

  • @primebore 1 year ago +1

    Dear UnixGuy, I really enjoy your career pathway videos a lot but there are still fields out there that you haven't covered like IAM, security architecture and DevSecOps. Could you do a video on these sometime? Appreciate it!

    • @UnixGuy 1 year ago +1

      hey mate, security architecture is coming in the near future!
      Regarding IAM and DevSecOps there aren’t exactly certifications, it’s something you learn from broad certs and doing on the job tasks, but I might summarise them at one point

    • @primebore 1 year ago

      @@UnixGuy OK looking forward to it! I missed security engineering, would it be possible for you to cover what's it like to be a security engineer as well? Thanks.

    • @UnixGuy 1 year ago +1

      @@primebore security ‘engineer’ can mean a lot of things in different companies, so much so that the title is meaningless now, but the closest is a SOC analyst/engineer:
      th-cam.com/video/HohIYcNd_VM/w-d-xo.html

    • @primebore 1 year ago

      @@UnixGuy That's interesting, wouldn't a SOC analyst be more focussed on the DFIR side rather than working with security architecture? I read online that security engineer roles tend to be a step up from SOC roles, but just beneath the architect role.

    • @UnixGuy 1 year ago

      @@primebore some do some don’t, titles are all over the place unfortunately. A SOC engineer can also create detection rules for eg,

  • @SavageScientist 1 year ago +2

    Great video, I'm in a dev sec ops position and i mostly do secure code reviews. I have fun but would enjoy red team operations more, but breaking apps is fun. The pay is great too 100k.

    • @UnixGuy 1 year ago

      Sounds great!

    • @squid13579 11 months ago +3

      How much coding required for this job ? And what kind of resources did you have ? Free or purchase ?

    • @SavageScientist 11 months ago

      @@squid13579 , currently it's not much writing code but it is a lot of reviewing and correcting code. I have a Masters in Computer science and the CSSLP certification. On my youtube channel savage scientist i will start covering things i do as a security analyst.

  • @willownot 1 year ago +2

    Hello, I just arrived at this channel, I'm starting in cybersecurity, but I have 3 questions, can you help me? 1: Is it better to go after these certifications soon? comptia, CSSP, EC-COUNCIL...
    2: Are there really these 300,400k a year salaries?
    3: Are AIs or this tech bubble that burst ending or could they end up with jobs in the area?

    • @UnixGuy 1 year ago

      Hey mate, I answered this comment in another video

  • @frankshorts6322 1 year ago +1

    What is the main language used as a cybersecurity analyst and consultant?
    What languages are taught in Macquarie's bachelor of cybersecurity. And is the degree heavy on discrete maths and etc. Thanks, great info😍

    • @UnixGuy 1 year ago

      Hey mate, there is no ‘main language’, it depends on the environment. This video explains what a SOC Analyst actually does:
      th-cam.com/video/HohIYcNd_VM/w-d-xo.html
      As for Macquarie, I reviewed their degrees a year ago: th-cam.com/video/jLHHwHzqaEI/w-d-xo.html

  • @tobby_fabulous 10 months ago

    eJPT noted ✅️ 👌 😊

    • @UnixGuy 10 months ago +1

      👍

  • @JosephAluko 1 year ago

    What cyber security jobs can you do, if you like to do system management but do not want to learn programming languages or coding

    • @UnixGuy 1 year ago

      What do you mean by ‘system management’? System administration? you need some basic scripting for that, but it’s not a cyber job per se. there are many cyber jobs that don’t need programming. I recommend you watch this playlist and select a path that you like: Cyber Security Specialisations
      th-cam.com/play/PLdI5VHN89i7XgaT-dWsthpAKOmjAF3gCR.html

  • @everything-om3zx 1 year ago +3

    Hey UnixGuy,
    can recommend some SOC certifications that can land me a job please. i have eJPT, Security +, and i studied Cyber security bootcamp in one of US Universities. i looked up the SANS GSOC which is very expensive to me, i can't pay for it. i would really appreciate it if you give me some information.
    Thank You.

    • @UnixGuy 1 year ago +1

      The recommendations that you’re looking for are all in this video:
      th-cam.com/video/HohIYcNd_VM/w-d-xo.html

    • @everything-om3zx 1 year ago

      @@UnixGuy Your content is Golden Sir,
      Thank You so much.

    • @UnixGuy 1 year ago

      @@everything-om3zx you’re welcome mate, once you watch the video, let me know if you have any further questions :)

  • @Rekke_yt 1 year ago +1

    Hi Unixguy, what do you think of Cybersecurity Course (Cert IV) in TAFE Australia? Already have Bachelor of IT + 3 years of System Engineer work history. Planning to do certs as per your other video but saw TAFE course is free and course syllabus looks very interesting

    • @UnixGuy 1 year ago +2

      Hey Rekke, I like that Cert IV because it’s free (i think in victoria) and I hired two people who did it.
      It’s content heavy but you will get out of it what you put in. It’s going to be part of your learning journey so it’s just another avenue for you to learn. But since you already have experience and degree, going straight to certs might be faster - depending on how quick you are and how well you do self-learning, some people prefer the structure of a degree/tafe,
      Many paths and options are out there, whichever you choose work hard at it and be patient and good things will happen

    • @Rekke_yt 1 year ago

      @@UnixGuy Thank you so much for your response! I would love to see some content on the different cyber security roles and pathways that System Admin/IT Roles can pivot into for career changes :)

    • @UnixGuy 1 year ago +1

      @@Rekke_yt system admins can pivot to literally any specialisation. I strongly recommend the videos in this playlist, I go through each specialisation in detail: Cyber Security Specialisations
      th-cam.com/play/PLdI5VHN89i7XgaT-dWsthpAKOmjAF3gCR.html

  • @sandyc1868 1 year ago

    I have been contemplating about CASE Java Certification by EC Council. I am still not sure if I can go for it. Neither is the course content available on their website nor are any demo videos. I have been a typical Java developer with no exposure to security coding, whatsoever.
    Kindly share your opinion about this CASE Java training and Certification by EC Council.

    • @UnixGuy 1 year ago +1

      I'm not a fan of that training, do basic cyber security training like this: th-cam.com/video/6LIUhx95MCU/w-d-xo.html
      and supplement with some pentesting courses:
      th-cam.com/video/OR8G_Vi5B1U/w-d-xo.html

  • @aruha2847 1 year ago +2

    Hi, I am from software development trying to get into cyber security. I have worked in front end for 2 years. Is it possible for me to get into app sec as a beginner in cyber security?

    • @UnixGuy 1 year ago +2

      yes you have the perfect background for it! You can even supplement with some certification to boost your profile. Start here:
      th-cam.com/video/jtLfX5_Lu84/w-d-xo.html

    • @aruha2847 1 year ago

      @@UnixGuy Thank you so much for your answer

    • @UnixGuy 1 year ago +1

      @@aruha2847 🫡

  • @abhiraj4528 1 year ago

    Can you help me please.
    Needed a review about EC-COUNCIL. When i searched on reddit.
    I can see that reddit users aren't happy with the EC-Council and their courses.
    Some are comparing C|EH with OSCP instead of C|PENT.
    I came to know that there's an offline institution that had partnered with EC-Council and give training offline instead of online. (It makes it easier to learn I guess)
    They offer C|EH, C|SCU, C|ND, C|SCE, C|PENT, C|HFI
    I'm curious about C|HFI.
    I'm an absolute beginner and never got an exposure into ethical hacking or cyber security.
    The fee is 3 lakhs INR ($4000)
    And i can't afford it and must take a loan to take the course.
    What's your opinion about this, and any suggestions?
    Thanks :)

    • @UnixGuy 1 year ago +1

      I’m gonna have to agree with reddit. If you want to be a penetration tester, save your money and do the courses I recommend in this video instead: th-cam.com/video/OR8G_Vi5B1U/w-d-xo.html

    • @abhiraj4528 1 year ago +1

      @@UnixGuy thanks. Appreciate it!

    • @UnixGuy 1 year ago

      @@abhiraj4528 u welcome

  • @headlights-go-up 8 months ago

    will ai impact appsec jobs more than other cybersecurity positions? for example, do you think that ai will eventually produce more secure code thus reducing the need for appsec engineers? or do you think it will be the opposite?

    • @UnixGuy 8 months ago

      the answer is here:
      th-cam.com/video/5sCrHjDMsiU/w-d-xo.html

    • @headlights-go-up 7 months ago +1

      @@UnixGuy Oh! You responded so quickly I didn't even notice lol. Thank you, I will go watch now!

  • @jay2004r 8 months ago

    Quick Question, can vulnerability management be a pathway to becoming an application security engineer?

    • @UnixGuy 8 months ago

      Unlikely! If you want to become Application Security Engineer follow this:
      th-cam.com/video/shgKU-zjOmw/w-d-xo.html

  • @knox1 1 year ago

    can you become software engineer with cyber security courses?

    • @UnixGuy 1 year ago +1

      Do software engineering courses if you want to become a software engineer, watch this:
      th-cam.com/video/ys-_xQHaYAc/w-d-xo.html

  • @MichaelOseiAppiah 3 months ago

    Hello Abed:
    Is there a training you know that I can enroll in to be an appsec engineer?

    • @UnixGuy 3 months ago

      yes all explained in this video:
      th-cam.com/video/shgKU-zjOmw/w-d-xo.html

  • @GIMFCFX 3 months ago +1

    I am late to the party! I want to become an Application Security Engineer. Can someone provide a roadmap for such a field?

    • @UnixGuy 3 months ago

      yes this video has it:
      th-cam.com/video/shgKU-zjOmw/w-d-xo.html

  • @raymondakoson5165 9 months ago

    With the coming of DevSecOps, what's the future of AppSec engineers?

    • @UnixGuy 9 months ago

      the future is good!

  • @MichaelOseiAppiah 2 months ago

    Can you recommend any links to study appsec.

    • @UnixGuy 2 months ago

      yes watch this:
      th-cam.com/video/shgKU-zjOmw/w-d-xo.html

    • @MichaelOseiAppiah 2 months ago

      @@UnixGuy Thank you.

  • @krusty07 1 year ago

    sir can share us your linkedin or some verification proof of your work

    • @UnixGuy 1 year ago +1

      No, I don’t share my private LinkedIn information publicly.

    • @krusty07 1 year ago

      @@UnixGuy Sir you seem like a genuine guy but i like to cross check the information but there are no credentials like LinkedIn or twitter or GitHub or showcase of you

    • @UnixGuy 1 year ago +3

      @@krusty07 I have no obligation to prove anything to you my friend, I’m putting out my personal views online for free, take it or leave it.

    • @krusty07 1 year ago

      @@UnixGuy alright sir