Why you might not want that high-paying cybersecurity job (opens in new tab)

(subelsky.com)

35 pointssubelsky15y ago8 comments

8 comments

8 comments · 3 top-level

tptacek15y ago· 3 in thread

"Cybersecurity" work in San Francisco means working with startups and the tech giants.

"Cybersecurity" work in Chicago means working with derivatives trading and exchanges and large enterprises.

"Cybersecurity" work in NYC means working with the big financial and media companies (and, presumably, over the next couple years, more and more startups).

Cybersecurity work in Maryland means working for government contractors.

This article is chock full of valid points but might be more of a cautionary tale about working in the greater DC metro area. Contrary to what this article would have you think, most high-end security work is not done for the government.

subelskyOP15y ago

That's fair - I'm sure I am biased by my experiences working on this stuff in the DC/Baltimore area, but I still think my first point, about the danger of becoming merely a gatekeeper, applies widely across all those sectors.

joshwa15y ago

s/cybersecurity/government cybersecurity/

dasil00315y ago

That said, the article was clearly framed in the context of Maryland, so I think it's a pretty fair assessment.

vishaldpatel15y ago· 1 in thread

TLDR Version: Its really not bad. You'll make pretty good money, in what is otherwise a 9-5 job in a large company. You won't get to use as many toys, and you'll sometimes be told to leave your own toys at home. The job will also involve dealing with people and politics.

megablast15y ago

Plus, there are a lot of restrictions that will annoy you (like not being able to ride to work, leaving you phone at home, possibly no internet access), and you may be forced to use Microsoft for everything, not the best tool for the job.

There is not much worse in my book, at a Microsoft shop where they refuse to consider anything else.

dguido15y ago· 1 in thread

"Cyber defense is often the opposite of a creative activity."

Security can also be about identifying and mitigating risks to make a formerly unprofitable certain loss into a viable business opportunity. Big picture example: how many US banks would have offices in China or Russia right now without the help of security professionals? It's not all about bopping people on the head.

subelskyOP15y ago

That's good to hear. Where I was (both in the private sector and the public sector) we seem mired in managing the complexity of the tools, which prevented us from being creative in this way. Perhaps that's the real opportunity, making a new generation of tools that's easier to use (or figuring out how to better train people in these skills)

j / k navigate · click thread line to collapse

8 comments

8 comments · 3 top-level

tptacek15y ago· 3 in thread

"Cybersecurity" work in San Francisco means working with startups and the tech giants.

"Cybersecurity" work in Chicago means working with derivatives trading and exchanges and large enterprises.

"Cybersecurity" work in NYC means working with the big financial and media companies (and, presumably, over the next couple years, more and more startups).

Cybersecurity work in Maryland means working for government contractors.

subelskyOP15y ago

joshwa15y ago

s/cybersecurity/government cybersecurity/

dasil00315y ago

That said, the article was clearly framed in the context of Maryland, so I think it's a pretty fair assessment.

vishaldpatel15y ago· 1 in thread

megablast15y ago

There is not much worse in my book, at a Microsoft shop where they refuse to consider anything else.

dguido15y ago· 1 in thread

"Cyber defense is often the opposite of a creative activity."

subelskyOP15y ago

j / k navigate · click thread line to collapse