
Mapping a Road to Success as a Security Engineer

Senior Security Engineer at Taro Community, a year ago

I have read several articles on becoming a Staff Security Engineer or Principal Security Engineer, and I understand that career growth is not just about personal aspirations but also about aligning with the organization's needs. In my current situation, my goal is to increase my visibility within the organization. I believe I've spent enough time working internally, but a significant part of my visibility in the security community is still pending. My ultimate goal is to enhance visibility, establish a brand as a security engineer, exert influence, engage in cross-collaboration projects, and grow my presence in the community. To boost visibility, I realize I need to engage with the community by writing blogs, creating tools, giving talks, and attending conferences.

I've observed exceptional performance by certain engineers and have often wondered how they can think outside the box, achieve skip-level promotions, and grow exponentially within the company. Do they have mentors? How can one find a mentor, and how do you determine if you need a mentor?

How can I start this journey and find the motivation to do so? Additionally, how can I maintain consistent motivation, as motivation may fluctuate? For instance, after two weeks of hard work, there might be a dull and weak period, and then you need a kickstart to regain the curiosity you had the week before.

I do find curiosity in my current role and the nature of work as an Application Security Engineer, but sometimes I also think, should I explore a bit of change towards offensive security or red teaming?

Furthermore, my personal passion and motivation always lead me towards delving into technical aspects. How can I align more with the business needs of the organization and develop my business acumen skills? How can I develop multiple skills to operationalize application security engineering in a team?

In my current location, there are limited job openings for security engineering positions, making it challenging to switch roles. What are other possible options for me in this situation?

In summary:

  • Is there a roadmap to grow as a security engineer within the organization, gain influence, create a personal brand, and secure promotions?

  • How can I enhance my visibility in the security community and maintain consistent motivation?

  • If I find myself stuck in my current role, because of limited openings in my current location, what alternative things can I explore?

  • Given that many interviews for security engineer positions now include coding rounds, is there a structured pathway for enhancing coding skills specifically tailored for security engineers?

  • How can I maintain consistent motivation, as motivation may fluctuate?

  • How can one find a mentor, and how do you determine if you need a mentor?

  • How can I develop multiple skills to operationalise application security engineering in a team? What does operational excellence even mean?

Any insight will be highly appreciated.


Discussion

(8 comments)
  • 1
    Tech Lead @ Robinhood, Meta, Course Hero
    a year ago

    A lot to go through here - Thanks for sharing all this detail! For the future though, I recommend breaking things up across multiple questions. This will get you more targeted answers, which are hopefully higher-quality as well.

    After doing some thinking on how to respond, I'll split things up into 2 big buckets:

    1. General Thoughts
    2. Targeted Replies To Individual Pieces (across multiple comments)

    General Thoughts

    • I'm not a security engineer, but from my experience, growing from senior -> staff usually has common themes across different engineer types. For example, a lot of the Staff Data Engineer stories I see aren't too different from Staff Software Engineers. Getting to staff level is usually about developing and deepening fundamental behaviors, many of which you alluded to (increasing influence, leadership, working XFN, identifying impact, etc).
    • The first step for any promotion (especially one as difficult as staff) is to talk to your manager. You should have an honest conversation with them about this if you haven't already - From there, you can come back to the Taro community with more targeted feedback from your manager and follow-up questions on those. Check out our recent masterclass to learn how to do that: [Masterclass] How To Work Better With Your Engineering Manager
    • You should learn more about Staff Engineer archetypes if you haven't already and do some thinking about which one resonates with you. I'm bringing this up as you ask for a "roadmap" to staff and it largely doesn't exist due to these archetypes. I recommend this discussion to learn more about those: "What does a path to staff look like in a coding-heavy environment?"

    Once you go through the above, I recommend going through our L5 -> L6 playlist as well: [Taro Top 10] Senior Engineer To Staff Engineer (L5 To L6)

  • 1
    Senior Security Engineer [OP]
    Taro Community
    a year ago

    Thanks, Alex. I think I have a lot to read based on your response. I will go through them and come up with follow-up questions. One thing I want to emphasise is that my goal is not only to get promoted but also to gain visibility in the security community.

  • 0
    Tech Lead @ Robinhood, Meta, Course Hero
    a year ago

    I've observed exceptional performance by certain engineers and have often wondered how they can think outside the box, achieve skip-level promotions, and grow exponentially within the company. Do they have mentors?

    The people who grow really quickly generally have good mentors, and their primary mentor is generally their engineering manager (EM). This is why finding a good EM is so important, and why we gave an entire masterclass about it: [Masterclass] What Software Engineers Should Look For In Their Engineering Manager

    How can one find a mentor...

    In terms of finding a mentor, I recommend this discussion (go through the resources I linked there as well): "How do I find a proper mentor within my company?"

    External mentors can help a lot too (hence Taro), but the highest leverage mentorship is someone internal to your organization as going from senior -> staff requires a lot of institutional support.

    ...and how do you determine if you need a mentor?

    Nobody explicitly needs a mentor - You can theoretically self-solve every problem you get. But it's obviously very nice to have, and it can help a lot. The tricky part is finding the mentor and convincing them to invest their time in you.

  • 0
    Tech Lead @ Robinhood, Meta, Course Hero
    a year ago

    How can I enhance my visibility in the security community...

    Unless your company has a crazy high bar, I don't think senior -> staff would require visibility within the overall security community across the entire globe. Being a leading voice in your organization (think director level) should be enough.

    In terms of how to do that:

    1. Put yourself on high-visibility projects
    2. Run into the fire on the largest production outages
    3. Volunteer yourself for presentation opportunities like brown bags and writing blog posts
    4. Answer a lot of questions when coworkers ask for help (and prioritize bigger surfaces like large Slack channels)
    5. Be good at sharing work in general (writing project updates, creating design docs, cc people fairly aggressively)

    Here's a good thread on how to write good project updates: "How to get more visibility on work?"

    ...and maintain consistent motivation?

    This one's much harder. In a nutshell, you need to:

    1. Work on something you enjoy
    2. Work with awesome people

    Achieving just 1 of the 2 is deceptively difficult.

    For #1, I recommend: How To Discover Your Work Passions And Hatreds

    For #2, I recommend: [Masterclass] How To Choose A Good Company And Team As A Software Engineer

  • 0
    Tech Lead @ Robinhood, Meta, Course Hero
    a year ago

    If I find myself stuck in my current role, because of limited openings in my current location, what alternative things can I explore?

    1. Create your own scope
    2. Change teams
    3. Change companies

    For #1 (it's pretty much required for staff anyways), I recommend: [Taro Top 10] How To Create Scope As An Engineer

  • 0
    Tech Lead @ Robinhood, Meta, Course Hero
    a year ago

    How can I develop multiple skills to operationalise application security engineering in a team? What does operational excellence even mean?

    In order to operationalize things, you need:

    1. Great communication and planning skills
    2. Lots of social capital
    3. A deep yet holistic view of the system you're trying to improve
    4. Excellent technical writing abilities

    For an excellent case study of all these, I recommend watching this: [Case Study] Revamping Oncall For 20 Instagram Engineers - Senior to Staff Project

    To learn all the skills behind those 4 points: "What are software engineering fundamentals?"

  • 0
    Software Engineer [OP]
    Taro Community
    a year ago

    In a situation where an E5 and their +1 are more focused on self-growth rather than team growth, and everyone is preoccupied with convincing their managers and leaders to consider them as potential candidates for their next promotion, it can have a detrimental impact on the E3 and E4 team members who are actively performing their roles but may feel disempowered and stuck in their careers. To address this issue, you can consider either working with the current leader to improve the team dynamics or exploring the possibility of moving to a different team under a different leader. How can we better strategize ourselves in such a situation?

  • 0
    Tech Lead/Manager at Meta, Pinterest, Kosei
    a year ago

    How can I maintain consistent motivation, as motivation may fluctuate?

    Part of this comes from being consistently productive. Check out the masterclass on this. Embedding two points directly:

    • Focus on just 1 thing - Have a goal for every single work day.
    • Find an accountability partner - Peer pressure is some of the most effective pressure there is. Find someone who you care about and is counting on you.