Day in the Life: Anniek, Application Security Specialist at Rabobank
Discover how Anniek, an Application Security Specialist at Rabobank, helps DevOps teams build more secure applications. From running threat modelling sessions and developing training tools to fine-tuning security scanners, Anniek shares what a typical day looks like, and how she switches off afterwards with hands-on hobbies like sewing and brewing.
Name: Anniek
Job: Application Security Specialist
What do you do in your role?
I try to support DevOps teams (a cross-functional group of engineers, IT professionals, and operations staff working together to automate software deployment) to make sure they are creating secure applications. There are lots of different aspects to that: In my team we create and teach training sessions on all kinds of security topics like threat modelling, defensive coding, common vulnerabilities, or certificate management. We're also involved in configuring the best possible rules for security tools like SAST code scanners, or trying new tools to see if they would be worth having. And we try to tailor all that specifically to the infrastructure and procedures Rabobank has, so that it's directly relevant to the development teams' daily jobs.
My background is in security testing, so I'm always looking at security from an offensive perspective. But now instead of finding vulnerabilities, I'm trying to stop them from being created in the first place.
Here's what a day in Anniek's life looks like!
8-9 AM:
Grabbing a sandwich at that station for my (hopefully) smooth train ride to the office, which is right next to Utrecht Centraal. Or making my own breakfast if I'm working from home.
9-9:30 AM:
Like many other teams, we start our days with a standup to discuss what we're working on and any interesting news, requests, or ideas that have come up. A quick look through my emails and calendar for the rest of the day.
9:30 AM-12 PM:
Doing some development work on an intentionally vulnerable application that we're making for one of our new training sessions. We want to use the app to demonstrate the security holes and show developers how to fix them.
12-1 PM (lunch):
Lunch with the whole team in the office cafeteria, or the occasional walk to the city centre for an Italian sandwich.
1-2 PM:
Joining a DevOps team for their first threat modelling session. I help them identify potential threats to their application and how to mitigate those.
2-4 PM:
More programming work on that vulnerable demo application.
4-5 PM:
Quick meeting with a few colleagues for an awareness presentation we're putting together about certificate rotation and key management. Then adjusting the slides based on the notes I took.
5-6 PM:
Leave some notes to myself for the things I need to remember tomorrow. Then a short walk to the train station and going back home.
How do you unwind at the end of a workday?
After a bit of online scrolling on the train home, I like to go offline and make something with my hands: sewing, brewing, making craft cocktails, or dipping my toes into random new hobbies.
What do you love about your job and your employer?
My colleagues are a fun bunch; we all have slightly different areas of expertise when it comes to security, and we love learning from each other and helping each other out. We get a lot of freedom to choose our own priorities, so we're always working on something that we feel is the most useful thing to do right now.
Curious about the career opportunities at Rabobank? You'll find all the latest on events and jobs on the app. Check out their open jobs here!
