Becoming a Security Engineer Manager: Common Pitfalls and Lessons

so people good morning thank you so much to be here today in this Sunday again Cod Newcastle so my name is Marcus I'll be with you today for the next 30 minutes and look at me I manag now this was my path and my trail to become SEC engineer manager for SEC engineer position so my agenda is who is this guy with this strange ass talking here today okay we are talking about engineers we talking about managers what's the difference between why we think about career for engineers and maners one of the most important lessons and pitfalls that we do in this track what we can read what we cannot read some thanks things and thank you again

for hearing my awful voice so let's start I'm not from here I come from Brazil everybody says why why did you come to Brazil Brazil is hot so so that lady here bring that because she's doing have NE science so okay going to move to Newcastle 2 years ago and I'm from Brazil from a small City in the northeast of Brazil so the Northeast Feast I really like Newcastle because the small team of my hometown is white and black so that's got a thing and was young was playing fif with Newcastle things of life we got the biggest St John part in the world it's really nice so I always do this touris thing for

Brazil I come to Brazil come to cap but again who am I so I come from Brazil from a university I did my undergrading computer science and there I start with security so we got whole thing called like 8220 where projects between Brazilian European vesties and there I did start walk security when was really nice I was not expecting and I was start with the cloud so people talking about the cloud where's the cloud and so on and I did start from there afterward when I did graduate spent some work some time work Academia so I go to vex vex is a really big e-commerce company in La America and then on sorry it was just to

see if anyone was doing the lightning workshops because they're about to start no so no worries so so I was start I did start to work in VX VX are real big it comes platform and they have this strong soft engineer thing and they start to work security if you're a secret person and you did work soft Engineers it can be fun okay so after that we didn't start to create like a track think what's the difference about security Engineers what between soft engineers and what a man can do so after that was like working two years in brazilan time zone so I need a change so I did move to conso plane this what I'm

working right now as SEC gen manager we are consult company we FOC on security kubernetes and we are doing that like around the world new new things changing languag and so on so everything I'm going say that the characters are fictionals the main idea is to show some points and see how this can help you folks in your day-to-day basis so the thing the first thing is that now you're the manager right so you always ask help for your manager but you need to hand this kind of thing you are not the engineer anymore but what kind of stuff change your day-to-day basis so we put gbt every these days theand is that you have a sec engineer that folk or that

girl is thinking about design system how they do how they they field that's the most important thing the security Eng in the field like dealing with the problems working with sock and so on but that's a normal way of a engineer I was moving some desk outside at least I not on call today so when you on call God that's Wednesday I did so much work but you have the deal with technology running the stuff fighting the battles but now you want maner right and that's the thing that's the first thing what's the P difference between a sec engineer SEC engine manager we have we have like this whole kind of beautiful world like oh

you are leadership management but nobody actually tells how to do that so in the end a manager managers but just don't tell anybody something right so the idea is that you'll be like the world best boss you like this kind of stuff but how you can do it and the big tag in the past got this really great idea when my father was an engineer like a few years ago the only way to improve your career is to become a manager and you got like this whole boom thing the early the early 2000s about soft Engineers SE Engineers seem like fair right you really like to be in the battles you really like to be in the field and you

need to become a manager and as personal person as a personal opinion I think that's why we got like so bad stuff about managers because people are really you need to be a manager you you are obl to be a manager and we find this kind of thing like the why shaped career framework so you can prove exp but you cannot be a manager you sorry you don't want to be a manager and that's the main idea here how do you find the common ground how do you find if you want to be expect if you want to be a manager and you got half St that one the first one I think was from spoy that one for compar

theth is that you need to understand what your engineers are doing to become a manager because if you don't understand what they are doing what they are suffering how can you talk with them and you don't be you don't have to be like the technical person in the room but you need to understand how the fight goes and how the emotions goes through so most of the companies ask that you have to be a manager in the past an A List in the past to become a manager to understand what people why people are suffering that so okay we did so much information two bit his slides but you still want to be a man right you still

want to work with people and that's the first here why and that's the first catch you have people skills you want to talk with people you really want to see the people grow I really like the idea that's a manager it's great for you to see people growing and they living things and you are not the person who do that and this can be really tough in the beginning oops because there's a spirit F right you are not the technical fing M you are not the person that people call at night and say oh you need to solve that you don't need to be doing this nice new stuff in kubernets you don't need to do like the nice stuff with opsf

but where are you going what you doing and again you got this to me that you now are manager and you are not then more coding open tting or so on but it still need to be Tech right because if you got like a new of 2 you got a new kind of D test and exercise how you can do that and that's the thing you are a manager but you are still managing people that now I smart in you so you are a strategic position so again got the for was right so they Cod theend is not your PR job anymore but most of the time you need to touch this kind of stop

so how do you find the equilibrium between and yes you need to care about people right so you have been a technical person you have been there you have been in the fights but you care you care a lot you care when I was seeing the keyote and the F was I got a really bad manag and really hurt my heart because managers need to help need to care a lot and again most of the people that became a manager they got this thing that I'll be the best manager ever because I know how painful was to do some stuff but it's not enough because everybody wants to do the best I think managers got to think with politicians

when you see a younger politician he's like I'll be the best politician ever I'm not doing this kind of stuff but when you are different position and you see the game from another position how you can understand was enough was not enough so cash is not enough because you have a you have um whole process for example I really like this singing thing today but people go ah I I improve the scissors budget and that's the kind of thing as a manager that you need to think and when you I see like engineer you not thinking about it you're not not thinking about how the company spend money you are not thinking about how people gr the careers you're not

thinking about salaries but now that's how your regation you need to think about that but they think start to solve it that's enough that's good right you see the problems I we're going to create something new we're going to build something new and then is for you so most of the managers come from technical background and here talk about soft engineer secret engineers and everybody got this thing that feel of missing out so you are helping with a lot of stuff you helping the CSO you're helping the other the managers but you see your team doing the job but you are not there anymore I was a manager of a head team and to be fair I really love it to be a

head team because it's nice to bre FS but I start to see that the people are doing that kind of stuff and those stocking meetings I was think about career and you start to thinking I missing something I miss the new technology I miss what I'm doing and how you do with it and why because you're not anymore right so you're not working with the team we not doing R and so on but you miss that and find the equilibrium is the most hardest part there's a survey about managers that most of the managers do not St anymore and that's bizarre because we are at the moment in the industry that if you got to lay off you are a really good maner

about how you going to pass like techs how you going to P this kind of stuff so find the equilibrium is really hard so the most for is that okay you start to ask too many question your team why why you do that when you do that how much time take because you are a fear of missing out so start to M manage and that's the most compete fall from your managers because they want to be the team but they don't have the time so they took time for the team to explain everything in every detail but you don't need to know every single detail has in the past and no but like that if you are

if you are engineer that got a micromanager manager is really stressful because you start to feel fear like I doing much work I explain well and you cannot have the space to brief so you now dealing with people how I can still make people be happy and the most important thing is that how I do that understand what they are doing and we got a second question here okay you you need to different positions and the expectations will be different and then the beginning is really hard because your expectation is to if consultant like to deliv some things to our partners if you're engineer to deliver some projects but how you do with that how you remember second power

fness out and you keep count because you are the boss now and I don't think the boss has the position a great position but a motive to one that you need to change your mindset to work with so we got our second lesson the that you got a new set of expectations and now there's a thing that I said five sides AG that upper management so when you engineer you only look at your manager when you're a manager you need to look at se levels you need to look at group managers to understand how they are set the expectations for you and how you dealing with that kind of expectation and everybody know that communication is key right you are

manager you need to understand what people doing you need to personal stuff you need to communicate but how you do that in different LS and to be fair this is really really really difficult because you got different stakeholders if you're engineer you got your manager maybe you got like a partner but pretty much you can count in your hands the people are looking at your work and you need to communicate when you got like a whole set of people that need different information of you how you can do that kind of communication and that's the main problem here and again as a person that do some immigration when you come to a new world of communication when you

come new country you you need to start again so everything that you did learn the past and I always like to do analy so we have to buy our we know how to buy house Brazil it's fairly easy but he is different because different cuture different expectations and so on so that's the same here you need to have a new part of communication you need to understand how you going to show things different way that you are showing as engineer but in a way that engineer can understand and the C Level can understand so on there's a fre lesson here that's Karu and I really like that one because I think that's the most important thing for career not thinking

about engineers not think about men that if you have a combination it's not expensive so the main idea is write it up people really like too much on or communication and that's really bad because we forgot we are doing like five six things a day so if you have everything that you do write up for you it's not for a manager it's not for the celebr for you to understand in three months time what what are doing the p and we got this thing with impos s that we forgot really is the good thing that we did but we are remember the bad things that we did that we think are bad so when you write that up as a manager

as engineer you can look in the feature oh I took that reason I took the action because of that reason so on and thee transition from the Brazilian f is that combination is not expensive so if you have like the set of expectations between you and your manager you and your engineers you really easy find way to everybody look you'll be fairly easy to talking like oh in three or six months we expect that you did that but you not do it or you did so much more than and so on and we got a third P here that's pretty much you have two years in one month so when you a manager you need

to understand what people are talking and you need to digest this kind of thing and that's a thing about being a manager that's diff because if you care a lot about people you can get so motion involved in things that you cannot solve so you need to hear more and talk less and how you dest this kind of thing how you take actions is the most important thing here well change is hard right you are in the field you are working there you are thinking about this kind of stuff but who did see all the wrong things right you are there you are seeing that oh the compan is not thinking about security we're going to change we have

the managers now we're going to change everything thing it's the same thing that I did with knowledge of Poli politicians but every story have at least two size right so when you was engineer you know the problems engineer your perspective is for engineer but now you're manager your perspective is really different right now so you have new information you have new knowledge there's a really good thing in that a fun guy was saying is that you got that engineer that soes everything that gu was really great and everybody on the like oh that guy is really the best he's so and when we became a manager this became a problem because you got one person that SES a

thing you got the superhero stuff but if the superhero leaves the company if the superheroes got sick how the team is growing so for the team sometimes really great because they have a sec secret place to go like I would talk with this person he so very F but as a manager this is really dangerous right because people need to take all people need to change up sometime their life and you don't think about that when engineer because okay this person help me but as a manager you got this kind of perspective to understand well why this kind of thing can happen is this good is not good and so on and you get way more

close for the business part right because when we engineer you're doing stuff you are the living projects you the living test but now you need to understand we really want to do disant test for this client we really want to get this kind of we really want to have this client so you are really more close to the business to engagements to sales to this all kind of stuff as an engineer you don't think about it because it's not your expectation and this change a lot because you start jointing out whole play of meetings and you are not playing anymore you are not doing code you are not doing pest you are not doing new

defensive detection tring but how you can handle that how you can work with the idea that you that you have a lot of meetings and no play and you got this feeling man ah I working a consulting company right so most of my Consultants Engineers they are allocated to a company for 40 hours and I own meetings and discussing stuff and this hits really hard when you do Transition because like I know as engineer what they delivering I know how much they work worth it but as a manager how much my work worth it how that's the thing where am I right now so we do that with doing checklist I out person I do a lot of thing with

really writing by hand but the idea is that if you have met you have dat of things we are doing in the end of think you can say okay this meeting solve that this meeting I got this position this meeting I got this conclusion and this meeting what was waste of time so the main idea here is that if you have a checklist if you understand it's a good meeting you start to consel meetings that's really nice because you start to feel feel time for people and again you have the idea that where I en joing p and that's the nicest thing you need to understand that we need managers I this kind of guy that we need

one manager for like eight Engineers but you need to understand that the position of manager have this proposal this idea and that's the main focus here and that's thing meetings are annoying so I really like this slide because this was survey and most of the buildings to be fair could have me a mail but this really clashes with the thing I was saying in the past most of the manag got like Fe of Miss out and and the easiest way to not missing out is to ask people in meetings so you start to mro managing and that's the kind of loophole that we want to rate people understand that you can do more sick work you can understand

what people are doing with presentations like one time per week and not meetings all day long and that's again you need to understand how you manage your time and for me that was really different than the beginning because I really want to be in all the places everywhere and the first time I became a energ I almost have a br M because I was working like 14 hours a day because I need to talk with engine I need to do some he exercise and I need to talk with the with my stakeholders and it was really different because I want to be in every place every time everywhere but again I have another things so my work life

balance go really straight down and I need to start to say no and it's strange because I am yes person I pretty much look like that movie with j yes yes yes so when I start to say no really struck me because it was difficult like oh I letting people down or I'm not giving much attention for some Engineers that want to do like daily to daily one but you have a lot of other stuff and you need to think about your work and life balance because you got this pressure because you're not only dealing with technical stuff and while you're dealing with people and if you are not a cold heart when you deal

with people it's difficult because you are afraid to hurt what expecting about careers and life and so on so we need to start to say no and when you need to start to say no is to think how can I prioritize what's important and how I can delegate some things and that's the thing about you need to say know is that you are one person you are one manager so you need to start to delegate and you think after that everything be great right and be a manager is okay you know how to delegate you know how to take off of your F out but there's a thing that's really bad that call layoffs and if you have the

unpleasure experience of fire person that's the kind of thing that's really bad but really M you as a manager because you need to understand how the bondar work and how the business work and sometimes when you understand that the business is running really bad it's time to live the C to because after all we are human right and some people don't work together I have two great engineers really really great but they pretty much hate each other and I did spend like five months trying to make this works and from the beginning a senior man just told me that you are wasting time because they never work together because of this kind of difference and that's again the no thing

right if I knew at the time how to say no I can see that some people can work together so this kind of difficult thing is the most important things that mod you as a manager and again you don't have control with everything so I was really joing some and you have control of the environment right you got your scope you know what you're doing if you're doing code you know what you going deliver in how many time but as a manager you need to embrace the cures right you need to understand that some things are not really easy and that's nice there's a thing we talk about CL Cloud CL in general that's cows

engineering for Netflix for example got a thing called the cows monkey in some times they un propose inject inject inject some fails in the systems to know how the engineers will deal with the chaos and this pretty much the life of a manager people be like injecting some chos in your environment you need to deal with it in the in a proper and faster way and feedback is hard really because there's a thing that I really like about feedback is analogy that call sandwich like most people give feedback like oh you are really nice and completely destroy the pencil but you are doing great so understand how to do feedback how to create a career plan and

understand that it's hard because you don't have like a cake recipe to do that is the first most important thing when you start to do one to on and think about career of Engineers and career two-way road if you are a manager that is only thinking about career thinking about one people will improve and the person itself is not thinking you need to understand that you won't have a part here and you need to be really careful because if two people don't want to do one by himself will not solve it and that's that's best part the manager to be fair is to see people growing right when you see a person got promoted or got another job that's

really great because you feel that you are doing the right thing and this feels great right people are growing you are serving things and so on and you create new managers I think my best experience as a manager in the last four years was to create two more managers that were really senior Engineers that want to be managers and and you see that people want to enter in this path and be there is nice because it's really great to see people growing one thing that I really like about cedit measures is the idea that if you are engineer technical engineer the great idea is to do a pen so sometime you'll be a manager and afterwards you

be to another place on the same component and be engineer because people can be great and amazing Engineers that's really nice and the same people can be really great and amazing managers but I never seen a person be a great manager and a great engineer at the same time only at the cost of his personal life and we really don't want that these are really simple C study because we most on the finish of the presentation is that the differ reponse about the SEC Eng manager SEC engineer the manager he pretty much watching these things in the back officing he understand how to coordinate how to conduct and how to improve and the engineers itself are working there so

this pretty much illustrate the idea of a engineer will be in the field and the man will be helping from the back office so I really like to do that I really like to think about book accommodations these ones are really CR ones the me be is really nice for good engineers and star and they got this fig personas so my name is Marcus and I got the marus Persona that was not expecting that was a people pleaser and it was really difficult to understand that was a people pleaser because not saying no I want to be that every second and the idea to understand how other manag was doing was really nice we got that one

it's really focused on engineering is that okay you became a manager you don't have like a bu on B how you do it how you work with it how you do the simple to simple day today basis and you got managing humans right we are talking about people here we are not talking about CST anymore how the May idea that we can work with humans but if you notice I was talking about security engineer and we don't have any book B about security Engineers right and that's the thing it's a new thing right we don't think about people doing dabs and security for I think for the last three or five years we start to talk about so

we don't have lure we don't have this kind of Stu so you need to get these books you need to get this information understand how I can get that and put in the secret way how can I understand how security Works different from engineering and how security works we to engineering so thanks again to my wife thank you for much to be here today and you have any questions no questions was was this bad really good things so thank you so much people