The security industry complains about a lack of talented people, but most of our jobs require Senior Engineers with 8 years experience. New grads and non-grads struggle to get a foot in the door, so they never get those 8 years of experience. Google has made progress towards solving that problem. We created a team that hires people at entry level and grows them until they can take more senior jobs. The team manages operational security work, like exception requests, that senior engineers find boring but new engineers find interesting and educational. The team also writes code to automate away as much work as possible.
We’ve also created a feeder program to train non-security people up to entry level in security, and we’ve created a rotation program to transition software engineers into security. Together, these programs have resulted in many hires and promotions and multiple rising stars. Additionally, the team is substantially more diverse than average.
After attending this talk, you’ll understand how we achieved these results and how you can create a similar program in your own organization.
David (they/them) joined Google’s Detection & Response team in Kirkland 3 years ago as a Security Engineering Manager. They manage several teams related to detection in Google Cloud, as well as the ATC team that is the subject of this presentation. Prior to Google they led the Microsoft security incident response team in responding to incidents such as Heartbleed and Stuxnet. They are a Quora Top Writer on topics such as security, management, and the tech industry. In their free time, they enjoy playing with their kids, hiking, climbing, camping, sailing, chess, and homebrewing beer.