In this special episode of An InfoSec Life, Sean Martin has the pleasure of speaking with Arleena Faith, a software security professional, an application security advocate, and an active member of the ISSA and OWASP communities.
During their chat, Arleena tells us about her journey into cybersecurity, touching on some of the key milestones she reached, the challenges she faced, the associations and individuals that gave her hope and support along the way, and a view into her current role. A truly gifted and inspirational individual whose goal is to raise awareness for cybersecurity, Arleena is on a mission to raise the bar when it comes to software security, helping organizations recognize the importance and value of a secure software development lifecycle. We hope you enjoy listening to her story as much as Sean enjoyed capturing it.
One of the fascinating things about cybersecurity is that it combines computer science and human psychology. Cybersecurity encompasses many disciplines, some of which are well understood and studied; others are newly growing fields, or are even yet to be discovered. There are cybersecurity processes and standards for the development of secure applications, such as the Secure Software Development LifeCycle (S-SDLC, SSDLC, etc.), that, despite being created decades ago, emerge as new, given their limited adoption.
Finding one’s place in the cybersecurity industry may be challenging. This is especially difficult if one enjoys every part of it. From “offensive” to forensics, “hands-on” to research, one could spend a lifetime deciding which field is the most exciting. Or one could realize that perhaps one’s place in the industry is that place where one can make a difference. This difference might be exposing the “heart” of the problem, which relates to the processes employed to build software applications, to how they are implemented and taken seriously by software development teams.
The story is a professional commitment towards helping the industry adopt S-SDLC as the main standard to build software products. The industry needs to close gaps between software developers and security teams such that vulnerabilities like SQL injection and cross-site scripting–items that were technically “resolved” years ago–are finally “cured.” In order to do this, adoption and standardization of the S-SDLC must happen.
This is my story and my mission.