u/0xoddity

[Need advice] Transition from AppSec to Security Engineering

I have nearly 9YoE in cybersecurity, primarily supporting product teams across application security and DSO initiatives.

I've built the security champions program at my previous 2 companies and given internal training on secure coding methods. I've helped the teams integrate & manage security pipelines (SAST, DAST, SCA) in their existing workflows & also created workflows for them. Now I'm working closely with engineering teams on remediations and security improvements.

I come from a C# background, but I haven’t really built production-grade applications end-to-end myself.

While I understand core web fundamentals (HTTP, CSP, CORS, etc.) and security concepts in depth, I haven’t had the opportunity to operate fully as a security engineer embedded within a development lifecycle. I’m now looking to transition deeper into Security Engineering roles (product-focused) and am currently considering:

  • Working on my DSA and problem-solving skills
  • Understanding system design from a security-first perspective
  • Building hands-on projects to bridge the “builder gap”

My question for those already working in security engineering:

  • What skills or experiences made the biggest difference for you?
  • How important is DSA vs. practical system building in this transition?
  • Any specific projects or learning paths that helped you stand out?

Appreciate any guidance.

P.S. Asked ChatGPT to refine my post. TIA
