

Why you might not want that high-paying cybersecurity job - subelsky
http://www.subelsky.com/2010/08/why-you-might-not-want-that.html

======
tptacek
"Cybersecurity" work in San Francisco means working with startups and the tech
giants.

"Cybersecurity" work in Chicago means working with derivatives trading and
exchanges and large enterprises.

"Cybersecurity" work in NYC means working with the big financial and media
companies (and, presumably, over the next couple years, more and more
startups).

Cybersecurity work in Maryland means working for government contractors.

This article is chock full of valid points but might be more of a cautionary
tale about working in the greater DC metro area. Contrary to what this article
would have you think, most high-end security work is _not_ done for the
government.

~~~
subelsky
That's fair - I'm sure I am biased by my experiences working on this stuff in
the DC/Baltimore area, but I still think my first point, about the danger of
becoming merely a gatekeeper, applies widely across all those sectors.

~~~
joshwa
s/cybersecurity/government cybersecurity/

------
vishaldpatel
TLDR Version: Its really not bad. You'll make pretty good money, in what is
otherwise a 9-5 job in a large company. You won't get to use as many toys, and
you'll sometimes be told to leave your own toys at home. The job will also
involve dealing with people and politics.

~~~
megablast
Plus, there are a lot of restrictions that will annoy you (like not being able
to ride to work, leaving you phone at home, possibly no internet access), and
you may be forced to use Microsoft for everything, not the best tool for the
job.

There is not much worse in my book, at a Microsoft shop where they refuse to
consider anything else.

------
dguido
"Cyber defense is often the opposite of a creative activity."

Security can also be about identifying and mitigating risks to make a formerly
unprofitable certain loss into a viable business opportunity. Big picture
example: how many US banks would have offices in China or Russia right now
without the help of security professionals? It's not _all_ about bopping
people on the head.

~~~
subelsky
That's good to hear. Where I was (both in the private sector and the public
sector) we seem mired in managing the complexity of the tools, which prevented
us from being creative in this way. Perhaps that's the real opportunity,
making a new generation of tools that's easier to use (or figuring out how to
better train people in these skills)

