Jeevan Singh, the director of product security at Twilio, discusses the future of application security engineers. Singh highlights the importance of embedding security into all aspects of software development and the need for a strong security culture within organizations. He also explains the skills required for a senior application security engineer, such as application security, software development, and teaching skills. Singh underscores the importance of empathy and influence, emphasizing that soft skills can significantly affect adequate application security. He also discusses the impact of AI, particularly OpenAI's GPT, in supporting the work of security engineers by providing valuable insights and information. Singh concludes by urging application security engineers to broaden their skills, particularly in software development, to ensure they can effectively handle the industry's evolving demands.

Five takeaways:

1. The future of application security engineering requires a blend of skills: Application Security (AppSec), software development, and teaching skills. Communicating and teaching others about security best practices is becoming as important as technical know-how.
2. The role of application security engineers is evolving: They are expected to identify and fix security issues and embed security considerations into the entire software development process. They are also tasked with educating other staff on security best practices.
3. Empathy and influence are crucial soft skills for application security engineers: It's essential to understand the perspectives of various stakeholders, from developers to executives, and influence them to prioritize security. This involves presenting data effectively and advocating for security measures.
4. Future demand for application security engineers is anticipated. As organizations increasingly realize the importance of securing their applications, there will be a growing need for professionals in this field. This is particularly the case for startups and smaller organizations.
5. Scaling application security efforts requires a team-based approach: To keep pace with growing engineering teams and increasing security demands, application security efforts must be scaled. This could involve creating "security champions" within development teams, implementing automated tools, and involving executive leadership to incentivize security improvements.