Thankfully, that really depends on the org. I started in security before “security engineer” was a thing. It was different times, for sure. When the 2008 housing bubble popped, banks started the trend of splitting out engineering roles from the newly formed risk and governance groups. This eventually morphed into what we have today: Security engineering teams and separate GRC/Legal teams.
I can’t hate on compliance too much through. If ran correctly, tracking and auditing networks and processes is an extremely important thing to do.
I just learned both worlds over the years. At my age, I have the technical experience to hold my own and also the balls to push back on stupid compliance requirements to people very high up in organizations. (The trick is to not give a fuck about getting fired for speaking my mind.)
Sorry. Went on a bit of a tangent to say “I understand you completely.” ;)
Thankfully, that really depends on the org. I started in security before “security engineer” was a thing. It was different times, for sure. When the 2008 housing bubble popped, banks started the trend of splitting out engineering roles from the newly formed risk and governance groups. This eventually morphed into what we have today: Security engineering teams and separate GRC/Legal teams.
I can’t hate on compliance too much through. If ran correctly, tracking and auditing networks and processes is an extremely important thing to do.
I just learned both worlds over the years. At my age, I have the technical experience to hold my own and also the balls to push back on stupid compliance requirements to people very high up in organizations. (The trick is to not give a fuck about getting fired for speaking my mind.)
Sorry. Went on a bit of a tangent to say “I understand you completely.” ;)