The InfoSec Mentors Project is off to a great start. While some participants are familiar with the process, others are just getting their feet wet for the first time. This week, we are very excited to show our readers what one mentor has been doing with his mentee, and the kinds of topics they're exploring.
Earlier this month, InfoSec Mentor @SecurityNinja volunteered to be matched with mentee @JackWillK. Jack was looking for someone to help him hone his skills and engage with the community. David began creating a list of things they could work on in web application security to build up Jack's knowledge and profile.
So far, Jack and David have made some great progress on this list. In addition to being more animated on Twitter, Jack has also begun his own blog. He followed through on the suggestion to do a series of posts based on the PHP ESAPI project from OWASP. This brought some new attention to the project, and Jack was even mentioned for his work at an OWASP meeting. Then Jack's blog was picked up to be a member of the Security Bloggers Network. Success!
David was nice enough to also share with us his suggested reading list of books and articles that focus on general security knowledge for a good foundation.
"If I were trying to get started in web app security right now I'd have a read of some of my own presentations (*might be a biased statement haha) on the Principles of Secure Development and my DEF CON presentation from last year.
The Principles of Secure Development is basically a root cause analysis approach to secure development. It focuses on the real issues behind vulnerabilities rather than getting caught up in the FUD and media hype of specific vulnerabilities, top "X" lists, etc."
We're looking forward to seeing some more great things from Jack, and hopefully he'll keep us in mind when he becomes a Security Rockstar :)