Need to write it down after the talk:

  1. How do you define a person’s responsibility in my role:
    1. No security issues to be seen repeatedly.
    2. All issues are being tracked
    3. Talk with other security engineers to extend tools
  2. How do you define security engineer’s responsibilities:
    1. AppSec: oversee application security, including design and implementation, more like a building code inspector
    2. Incident Response: identify the problem, find the root cause, work with developers to find a solution and follow up till it is fixed
    3. Security design adviser
  3. What a principal QA should do
    1. Discover a common problem, find a solution, improve overall quality
    2. No defined responsibility — how can you define a “Master”? You just know someone is a master, but he/she cannot be pre-defined


Long way to go, but I am getting there