Application security keeps me curious and I’m lucky I get to do something I love with awesome people. There are surprising similarities between finding a security vulnerability and understanding how people need/want to be managed – I find that interesting and gratifying.
My workplace happiness scale, increasing from left to right:
find bug -> fix bug -> find systemic issue -> fix systemic issue -> manage awesome people -> find the right gif
Finding a bug is good, but finding bugs is better.
Fixing a bug is great, but fixing a class of bug is greater.
Educating developers to not write bugs is security nirvana.
My current role involves a mix of all the above and I enjoy the ability to be a manager while also contributing to technical initiatives.