
Ask HN: Career advice for the next years? - anon0938
First a little background:
I`m in my mid 20s, worked my way up from a help-desk position. Done 4years of sysadmin work and i am currently employed in of the largest Scandinavian based firms.<p>My day to day jobs consists of daily operation of various software solutions (mostly java applications), projects (kubernetes is the new hot thing) and various other sysadmin related tasks.<p>I have been approached by several people that want me to jump ship and join another department and or firm. But I`m not sure what i want going forward in my IT career.
I have two offers coming to me in early 2019, one is joining a penetration testing team, enrolling in a 6-12 months insane learning program. The other is joining another firm where i will become an Azure architect.<p>The problem or rather what i feel insecure about is that i don`t know enough, especially for the penetration testing gig. I don`t know programming in general, yes i have tweaked some php&#x2F;bash&#x2F;python&#x2F;go code but never made anything from the ground up.
So I`m debating if i should move away from my &quot;comfortable&quot; position where I`m usually praised and involved in a lot of projects and I`m making a big positive impact, for both customers, colleagues and the firm. To a new position where this will be limited (atleast for a couple of years) in both skill, earning potential and possible impact I`m able to do.<p>I`m basically looking for advice, if someone has been a similar dilemma and would like to share their experience, then that would be really appreciative.
======
sjg007
Do you want to learn to program? Or do you enjoy the higher level design
ideas? Penetration testing will be closer to what you are doing now from a
sysadmin level but you will learn security models and largely write scripts to
test systems. I would not be fearful of this role, you can do it.

The architecture role will be design oriented. Do you understand what
Azure/cloud offers your business? Things to consider: how will you do identity
management, backups, security models (VPN etc..), etc... You're goal here will
be more at the business level and how you "scale" your IT processes with
respect to achieving those goals (and reduce COGs).. Azure is effectively
infrastructure as code, which reduces the demand for system administrators
since your physical machines are now virtualized. An architect will probably
not code very much, penetration tester will write basic scripts to do much of
the work... Architect is more about consensus building/collaboration/project
management, penetration testing is more of an individual contributor role.
These are of course basic descriptions of the roles.. they may vary in
implementation wherever you go.

Going from help desk to system admin is a bigger leap than sysadmin to pen
tester in my opinion. Fear not! If you meet like 50-70% of the reqs you're
qualified.

~~~
anon0938
Im one of the guys that are pushing company to be more cloud friendly. The
finance technology is rather behind what is more common today, so we are still
behind on a lot of the newer "DevOps" stuff so to say.

But yes I do really enjoy the higer level ideas/work that Im doing, of course
that entails a lot of "people" and collaboration work but Im really enjoying
it.

One of my worries as a pentester is that I will go from more of an
architecture/sysadmin role to an individual who just deliveres reports to some
developer or project leader. I feel like the work I would do will give a
lesser impact that the work Im doing now. (If that makes any sense)

~~~
world32
Pen testing is a broad field, you can have some jobs where you will be trying
to hack into very important applications or networks and your work will have a
huge impact. Or you can have other jobs where you are just running a few
vulnerability scans and writing a report based on that. The same as any other
field really.

I wouldn't worry to much about not being able to code in order to be a pen
tester, an advance level of coding really isn't necessary.

I would ask why do you want to change your job? Are you unhappy with your
current job? It sounds like you enjoy it. Keep this in mind because starting
from the bottom as a pen tester will be very difficult if you are coming from
a high-level role that you enjoy in another industry - you will have to
realllly want to become a pen tester in order to start over from the bottom
and work your way up. I say this from experience too as someone who spent
about a year as a pen tester but decided to go back to my old career because
it was not worth spending years to get to the same level I was already at.

------
nelsonic
@anon0938 Always take the option that pushes you away from a "comfort zone".

The best heuristic you can follow for career is: Do what you are most curious
about and meets your current & _projected_ financial needs and still allows
you to spend time with loved ones (where applicable).

I have consistently selected jobs/work where I'm most likely to learn in the
areas I'm curious. Pen-testing (one of your options) is a great area that is
only going to grow in demand. As Marc Andreessen is often quoted as saying:
"Software is eating the world". The problem is that the _vast majority_ of the
code that is written is _insecure_!

If you are able to do the 6-12 month learning program and it results in a
certification, that certificate is a "safety net" that you get to keep for the
rest of your career whatever you do next!

I did something similar and have no regrets. It opens doors and being the
"security expert" on a software project means you always get consulted when
something mission critical has to be built.

Once you have enough cash, invest it in cashflow-producing assets so you have
an additional stream of income (if you don't already...). Then you can afford
to re-think what you do with your time and do _exactly_ what you want with
your life.

If you feel "insecure" write down _why_ you feel that way. If you don't
already keep a journal, start today. Write down your thoughts on why this
decision is difficult. And refer back to your writings on a regular basis to
"check-in" with yourself.

Bottom line: invest in yourself. keep your learning curve _steep_ and switch
jobs (upgrade) whenever you feel that you are no longer learning. This might
feel like a "lack of loyalty" to your employer, but the fact is that you will
be more valuable as a team member the more you learn, and if you can impart
your knowledge on a given project in 3 months, why would you stay there for a
year?!

I started contracting 6 years ago and have never looked back. The money is
_much_ better than "full time" and it's also _way_ more flexible. If you
develop the skills/credibility, you will never be without work. And if you
cannot handle the "uncertainty" of contracting, you can always get a full-time
job again.

~~~
anon0938
Thanks for the lengthy feedback, om wondering "invest it in cashflow-producing
assets so you have an additional stream of income" I`m allready starting to do
this by investing in various stocks and index funds. But maybe this isn't what
you had in mind?

Regarding insecure, I would say that is mostly because the more I learn, the
more I know that I dont know. And I dont like not knowing something, so i
guess that is what bothers me. And when it comes to pentesting i guess that
feeling will just get worse. I will pick up on the idea of keeping a journal
tho, if it helps id gladly write in it.

How did you start contracting? What skills are you "selling"?

------
nicolashahn
I'd go for the pen testing gig. I think security will become more important in
the coming years and is a more secure and interesting place to take your
career. I wouldn't worry about not knowing enough, sounds like they're going
to teach you from the ground up based on the extent of the training program.
Just ensure your fundamentals are solid, don't worry about specific
technologies. Good luck.

------
p0d
Poke most devs and you will find that the sysadmin stuff unnerves them. Talk
to a sysadmin about their programming skills and they will start to twitch.
The lesser known is always more intimidating and fascinating than what we
already know.

There are good, bad, exceptional penetration testers and Azure architects. You
are young and already being endorsed for your workmanship. If you interview
without telling lies and get the job then go for it.

------
contingencies
Take the pen test angle, even if it doesn't pan out you will learn more than
'cloud architect', which is basically fluff. If you can't build, break and
maintain systems, you will suck as an architect anyway.

------
world32
Honestly it sounds like you are happy in your current role. Don't just change
jobs because you feel you have to (i.e. to "get out of your comfort zone").

Also based on what you've written, it sounds like the Azure architect will be
much better suited to you than the pen tester role. Not necessarily because of
what skills you have but because it seems you like being involved in projects
where you can create/manage something. As a pen tester you will likely work
for between a few days up to a week for each client, you will do the job,
write the report and be done.

But don't think that because you are comfortable this is necessarily a bad
thing. "Get out of your comfort zone" is good advice for somebody who lacks
ambition and refuses to change their ways but you do not sound like that kind
of a person.

------
danharaj
If you're leaving your core competency for a new challenge then you want to be
working under people who will nurture and cultivate your abilities. If you
know and trust who you will be working with and you know you can do it, you
will be fine.

------
alexgotoi
I would suggest to listen to Yuval Noah Harari’s talks about the jobs of the
future. Basicaly, he is saying that you should focus on emotional inteligence
and the ability to learn new things.

------
piecu
My advise will be probably different: do a job that gives the highest salary
and try to invest in something that gives you some (near) passive income.
You're young so you have many possibilities and your earnings can be almost
endless. Then in several years you will be selecting job only by they fun-
ratio.

------
seaurchin
Do small side projects to explore various areas of IT. Pay attention to things
you find fascinating. That fascination will help pull you through the
inevitable tough times should you choose to work in the particular area. The
particular area of IT that you discover might surprise you.

------
y0ghur7_xxx
I think you should do what you like most. There is money to be made in both
sectors (pentest and cloud), so imho choose what you think you will enjoy most
in the coming years.

