The original post: /r/cybersecurity by /u/cppnewb on 2024-11-18 23:48:13.

I have 5 YOE as a Software Engineer and about 3 YOE as an Application Security Engineer. Still relatively new in the security space. I have experience in: threat modeling, architecture reviews, secure code reviews, analyzing results from SAST/DAST scans, pentesting, tool development, and providing vulnerability remediation guidance to development teams. In my current team, each AppSecEng is directly responsible for one specific domain. One engineer works with just SAST/DAST, one engineer only does pentests, etc. My domain is threat modeling, but I also have a number of random projects on the side. Writing various automation scripts, configuring an in-app WAF, enabling secrets scanning on various repos, etc. While my coworkers are specialists, I find myself to be a generalist. From a career growth perspective, I wonder if I need to laser focus on one area, or if I can continue doing what I’m doing. FWIW, I’m happy with my work, but want to make sure I’m gaining the necessary skills to get promoted to Senior and beyond.