Security

April 20, 2012

Teaching Web Security

I have tried, and tried, and tried to teach web security to web developers, but I never felt like I was doing a good job. Today a better approach occurred to me: Have the developer write a simple application with all of the OWASP Top 10 vulnerabilities.

April 5, 2012

Specializing in being a generalist

If you overspecialize, you will die a slow and painful death. No matter how much money you’re making being the sole living expert of a legacy system or technology, it will catch up to you when you inevitably have to switch jobs. The flip side is that if you overgeneralize, you won’t have any marketable skill, as no one will know what you’re good at and therefore how to use you. The best approach is to pick a specific area you’re passionate about, and become a generalist with a high degree of proficiency in all the relevant skills.

April 26, 2012

If all you know is a hammer

You can only propose a solution to a problem if you have knowledge of how to solve the problem. This is an indisputable fact. If you have lots of knowledge of how to solve a problem, you can propose lots of solutions. However, if your knowledge is limited…

December 14, 2011

Admit you don’t care about security

“Like” if you’d like me to write this article

"I’ve found myself with more ideas than time. Rather than obsess over one article at a time, I’m going to take the advice of a friend and throw out article ideas to see what sticks."