As security moves more increasingly into the national spotlight, the need for security engineers and experts has never been greater. For those interested in security researcher positions, my best advice is to never stop coding. This is true whether you are working in an entry-level position or are already a senior researcher.
Within the security industry, it has often been said, “It is easier to teach a developer about security than it is to teach a security researcher about development.
Pure security researchers have often seen only the failures in the industry. This can lead them to assume vulnerable code is always the product of apathetic or unskilled developers. If they have never been exposed to large-scale development, then they don’t have a robust understanding of the complex challenges that face developers in secure code development.