The next thread in our series is Security Assurance. Thanks to the Pentesters for their AMA – you can find the thread here if you missed it: [https://www.reddit.com/r/cybersecurity/comments/krs3pq/we_are_pentesters_ask_us_anything/](https://www.reddit.com/r/cybersecurity/comments/krs3pq/we_are_pentesters_ask_us_anything/)
We’re joined by /u/brnbabybrn_cyber, a 20 year industry veteran who has worked for some of the biggest Tech companies that produce product that we carry around every day. Their specialty is building security assurance programs from the ground up. Secure development, threat modeling and assessment, program and project management for remediation, tracking security spend across an organization, working with leadership on the security risk portfolio, etc. With the security assurance charter often comes with community building and security awareness (meetups, training and certification programs, podcasts, and other events for example).
In the past they’ve managed threat and vuln management, security assurance, and pentest programs (the PM side not engineering side), so there might be some interesting opportunities to share how best to communicate and recommend engagement of engineering resources to senior leadership among other things.