Preface: So this is just my own opinion, and I would love some more insight to this.<p>Having read tons of these guides, attending classes for security, and etc... These guides always feel like they are a mile wide and an inch deep. In other words, the scope is extremely broad and the content has little depth. They are great guides for sure... for starting out. I'm not sure how useful they are once you get past the beginning stages. There are many security students in my school who think they can have a successful career in security without knowing the least bit of code. Granted I'm a student, but double majored in security and programming.<p>It seems that all the people I know who are actually in security actually know how to program and understand the software at a great depth than those who just run through a few of these guides or attend classes or whatever. Of course my perspective is probably more narrow than most since I don't have experience in the field.<p>I don't know how you can reasonably secure software without knowing how it's made. From my perspective I think that learning to program has taught me much more about software security than my security classes have. So I think the first step of becoming a security engineer ought to be learning to write software.