Infosec Skills author teaches people-process-technology approach for "secure software development"
Infosec Skills instructor John Prathab learned the importance of education and development early in his IT career.
“In IT, we call it a people-process-technology approach, where technology is as good as the processes implemented around it, and processes are as good as the people who execute them,” John said. “Realizing this, I invested in my education and career development heavily. It helped close my skills gaps and increased my productivity at work.”
He carried that same approach throughout 12 years of his experience while doing lab experiments, earning certifications and building his new Infosec Skills learning path. John’s Secure Software Development Life Cycle (SDLC) Learning Path is a foundational course designed to give you hands-on experience in developing or establishing proactive and reactive security controls across your organization.
Secure Software Development Life Cycle
The journey from a software developer to security architect
“I started as a software developer and my role entailed coding security, which got me interested in the cybersecurity field,” said John. “There was no stopping then. I started learning more through certifications, training courses and self-study. I got my hands dirty with CEH (Certified Ethical Hacker) and CHFI (Computer Hacking Forensic Investigator) certifications and was able to apply that hands-on-experience in my security consultant job.”
Learning and earning different cybersecurity certifications, John eventually moved up to Senior Cybersecurity Architect at VISA. This was only possible because of continuous learning and development through these 12 years.
Developing practical cybersecurity skills
The Secure Software Development Life Cycle Learning Path focuses on the three phases of secure software development: Secure design, secure build and secure validation. “In the path, we learn the concepts and polish our basics, then implement these concepts through the project,” John said. One of the project’s challenges is “static application security testing using codebase and VCG tool, which is a direct application of security validation.”
The hands-on project John created is designed to reinforce key concepts from his course, provide practical experience and help students develop their skills.
John said he designed the SDLC Learning Path to be as applicable as possible. He wants students to walk away with a strong foundational knowledge of SDLC, which they can use as a base to develop advanced skills like pentesting, creating their own scripts for network security and much more.
Selecting the right certificates
Professionals in many fields benefit from pursuing industry certifications. Getting certified helps IT pros get hired and advance their careers while showing dedication to professional development and learning. Certificates help verify a person’s skill and assist current professionals in moving forward in their careers. Of course, not just any certificate will do.
“It is important to choose certificates that best fit your career goals. That is why I pursued CEH and CHFI certifications. I gained hands-on experience in subjects relevant to my career goals, which I can apply in my day-to-day job,” said John. "If your goal is to move into management, certifications like the CISM can help you learn more about IT management and prove you're qualified for the role."
That’s why no matter your reasons for pursuing certification, John stresses the importance of choosing a certificate that matches your career goals.
John’s motivation is mentoring
“When I started in cybersecurity, I had no mentor and didn’t know where to start,” John recalled. “It motivated me to share my knowledge and experience with people new to the field.”
John started his career as a software developer but switched his focus to cybersecurity in 2007 when he joined Information Security System (ISS), an IBM subsidiary. He has spent the last 12 years doing cybersecurity research and development on securing software development life cycle, security contours, security analysis and security architecture.
“I started as a security analyst and currently work as a senior security architect. I have learned a lot during this 12-year journey,” John said. That led to consulting for many companies to meeting new people who are just starting out in cybersecurity to becoming an Infosec Skills instructor.
Contributing to the cybersecurity community
John encourages everyone to give back to the cybersecurity community. A thriving community teaches, mentors and energizes its members. It serves as a platform to share and benefit from each other’s experiences and learnings.
“Contributing to the community is a two-way street,” said John. You gain as much as you give.”
So how can you contribute to the cybersecurity community? Here are just a few ideas.
- Mentoring people who are new to the field
- Donation to communities that empower people in the field
- Participate in security challenges and conferences
- Conduct webinars to raise cybersecurity awareness
Learn more about John Prathab courses
About John Prathab
John Prathab has a master's degree in software engineering and more than a decade of IT experience, with 12 years in application security and three years in software development.
His primary responsibilities are in Secure SDLC, including but not limited to threat modeling, secure DevOps, web application firewalls, static and dynamic application security testing, RASP, pentesting and red teaming to safeguard information and hold people accountable for security. He's interested in active learning, innovation and mentorship and is certified in ethical hacking, computer hacking and forensic investigation. He holds CEH, CHFI, SANS GMOB and Data Virtualization Architect certificates.
In this Series
- Infosec Skills author teaches people-process-technology approach for "secure software development"
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity