Need to write it down after the talk:
- How do you define a person's responsibility in my role:
  - No security issue should be seen repeatedly.
  - All issues are being tracked.
  - Talk with other security engineers to extend the tools.
- How do you define a security engineer's responsibilities:
  - AppSec: oversee application security, including design and implementation; more like a building code inspector.
  - Incident Response: identify the problem, find the root cause, work with the developer to find a solution, and follow up until it is fixed.
  - Security design adviser.
- What a principal QA should do:
  - Discover a common problem, find a solution, improve overall quality.
  - No defined responsibility — how can you define a "Master"? You just know someone is a master, but he/she cannot be pre-defined.
Long way to go, but I am getting there