Any particular reason why you aren't taking a job in the infosec industry directly? Compared to being a RoR dev, I think you could be paid much more and have more interesting work.
Helping manage secure dev practices for startups is of course very important, but I think that would be much easier to do if you're either in some kind of CISO or appsec management position in the company, or are part of a third party auditing/pentesting firm that deals with startups.
Helping manage secure dev practices for startups is of course very important, but I think that would be much easier to do if you're either in some kind of CISO or appsec management position in the company, or are part of a third party auditing/pentesting firm that deals with startups.