Shifting Left: Being Early in Cybersecurity

🚀 From Classrooms to Secure Code: Sharing the AppSec Vision at Anáhuac University.

Last Monday, October 16th, was a memorable day. I had the privilege of returning to my Alma Mater, Universidad Anáhuac México Norte, to give a specialized talk on Application Security Engineering (AppSec) to senior year students of Systems Engineering.

It wasn't just a lecture; it was a vibrant discussion about their future if they wish to pursue a career in Cybersecurity.

🤝 A Collaborative Effort with a Future Focus.

This initiative arose thanks to a joint effort between the Nestlé's Youth in IT volunteer program and the Anáhuac University Employability Department. The goal: to connect young engineers with professional practice and high-demand disciplines, such as Cybersecurity. Around 30 students, along with professors and the general public, gathered at midday to delve into how security must be the foundation, not just a surface layer, in software development.

💡 The Three Pillars of the Talk: DevSecOps, OWASP, and The Real World.

The central focus of the session was on effectively integrating security into the development lifecycle. The main topics we covered were:

• DevSecOps and Shift Left: We defined what DevSecOps is, and more importantly, how the AppSec role drives the concept of "moving security to the left" (Shift Left), meaning integrating it from the earliest phases.
• Key Tools and Standards: We reviewed the essential OWASP Top 10 as the bible of the most critical vulnerabilities. Furthermore, we explored resources, frameworks, and scanning tools like SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
• Real-World Exploits: We discussed the impact and real-world consequences of insecure applications, from financial losses to damage to reputation and user privacy.

🗣️ Interactions That Inspired: From Gray Hat to Self-Taught Learning

The session turned into a true discussion forum, which demonstrated the high level of interest from the attendees.

• The Bug Hunter: I was especially thrilled by the participation of a young student who shared his experience venturing into gray hat hacking. I was able to give him specific guidance on how to channel that passion and skill into a solid professional career as a Bug Hunter or Ethical Hacker, highlighting Bug Bounty platforms.
• Entrepreneurship and Security: A budding entrepreneur, doing her MBA at Anahuac University, asked about MFA (Multi-Factor Authentication) integration and the responsibilities applications have regarding user data, a crucial topic in Data Governance, for her own newly formed Startup. Highlighting the breach that exists between business majors and Cybersecurity
• The Role of the Faculty: The attending professors showed great interest in self-taught learning. I was able to share a curated list of books, e-books, and online resources (like courses and specialized platforms) that have been key to my professional development.

👨‍🎓 A Homecoming: Anáhuac at the Forefront

As an alumnus from the 2016 generation, I was pleased to see how much the university has updated. I want to recognize and highlight the effort of the professors and the Employability Department. They are a constant engine for leading their students to these dynamics of professional immersion and practical knowledge. It was an excellent initiative that, I am sure, encouraged many young people to give cybersecurity the priority it deserves in their future projects.

✅️ The Key Takeaway for Future Engineers

If I had to reduce the entire talk to one key phrase for the students, it would be this:

Security must be an integral part of an IT system and should never be an afterthought or a nice to have.

Thank you to Anáhuac for the invitation! See you soon in the continuous integration pipelines.