s1l3ntk1ll3r

Hi Mike, I’m a big fan of your blog and know you’re a SCA (SANS Cert Addict) haha. Thanks for doing this AMA!

For someone who’s been on the offensive security side of the house for a few years and now getting into more Application Security Engineer focused roles, what would be some recommendations in terms of a skills roadmap? (certs/study/training etc.). Thanks!

Thank you! Yeah, I see myself in that deathtrap of trying to build out roadmaps and taking on way too many things a little too often haha. I definitely agree with you that AppSec is one of the most interesting security disciplines out there atm.

Given my background, I tend to gravitate towards breaking and a fair bit of defending but I’m fairly green when it comes to building. That said, I’m trying to improve my dev skills to be able to understand a developers mindset and be able to design and build an AppSec program from that PoV. On the same note, I’ve been looking into the CSSLP cert as a reference to help me along this journey, any thoughts on the cert or the material?

Appreciate the response and I look forward to your new content.