Seven Things: Frank Zappa, T. Coraghasen Boyle, and Twenty-one Years in Security

When I joined Cigital in 1995, it was known as Reliable Software Technologies (or RST) and had a grand total of seven employees. By the time Synopsys acquired Cigital's 500 people in late 2016, my tenure at Cigital was old enough to drink on its own and I had moved up from lowly research scientist to Board member. I may have learned a thing or two while building a security career, or maybe not. Perhaps Frank Zappa or T.C. Boyle would know? Without further ado:

1. Passion matters
2. So does a solid rhythm section
3. Practice, then practice some more
4. Write original music
5. Find the calm
6. Give back
7. Know your audience

Think of these seven things as guidelines, not laws. Creating a successful security career is just as much about the journey as it is about some particular destination. Your implementation will always be uniquely yours (no matter what Zappa says).
Gary McGraw is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a periodic security column for SearchSecurity, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Maxmyinterest, NTrepid, and Ravenwhite. He has also served as a Board member of Cigital and Codiscope (acquired by Synopsys) and as Advisor to Black Duck (acquired by Synopsys), Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics, Computing, and Engineering. Gary produces the monthly Silver Bullet Security Podcast for Synopsys and IEEE Security & Privacy magazine (syndicated by SearchSecurity).