I’m biased – I worked on Twistlock and StackRox so k8s security is deeply tied to cloud-native security in my head. Trying to work around my bias, what I would say is that there aren’t a ton of security engineers who understand containerization, Kubernetes, and everything that goes with it (including, to take on your third question along with the first, DevOps & DevSecOps). If you find this area interesting, I suspect these will be valuable things to know.
Terraform
It might be my bias talking again. For most security engineers, I suspect understanding the cloud resources that are being managed by Terraform is more important than knowing Terraform deeply. I would (and have) learned enough Terraform that I can read other peoples’ work but not necessarily build a ton on my own without repeatedly searching StackOverflow.
I’m biased – I worked on Twistlock and StackRox so k8s security is deeply tied to cloud-native security in my head. Trying to work around my bias, what I would say is that there aren’t a ton of security engineers who understand containerization, Kubernetes, and everything that goes with it (including, to take on your third question along with the first, DevOps & DevSecOps). If you find this area interesting, I suspect these will be valuable things to know.
It might be my bias talking again. For most security engineers, I suspect understanding the cloud resources that are being managed by Terraform is more important than knowing Terraform deeply. I would (and have) learned enough Terraform that I can read other peoples’ work but not necessarily build a ton on my own without repeatedly searching StackOverflow.