(also the obligatory note: no HTTPS for a webpage about cryptography?)
Ooof first line. That's like saying math refers almost exclusively to physics. Grabbing that name from a well respected and popular book as well.
intro to classic crypto. Not so practical in 2016?
Wheres the circa 2016 https?
What about authentication?
If you are _really_ good at cryptography engineering --- that is to say, top-of-your-field good simultaneously at systems engineering and cryptography --- then there are fairly lucrative jobs you can get either as a consultant for a firm like Rambus/CRI, or as a crypto engineer at one of the big tech firms.
Unfortunately, if you're not that person, or you can't live in California, the answer is a bit fuzzier.
There are some big obstacles to working in the field:
* The overwhelming majority of crypto is built (poorly, dangerously) by amateurs, and there's no real force in the industry to change that.
* The overwhelming majority of crypto is built as, at best, a feature of a much larger product. Even when crypto is critically important to the value proposition of a product, in terms of lines of code or commits per year, it's usually not that big a factor. This means that even projects that need good crypto tend not to have a headcount allocated just for crypto (it's also a major reason why most crypto is done by amateurs).
* There are good jobs breaking crypto, but not that many of them. Being able to reliably find cross-site scripting is --- at the firm level at least --- more lucrative than being able to reason through a practical exploit for an unknown key share bug. There are crypto pentesters (with extremely high bill rates), but that brings you back to "top-of-field for multiple disciplines".
* You can, of course, make an academic career. You'd go for a PhD in cryptography, and then either stay in school as a professor, or join a research group at one of the big tech firms (this is a different job than crypto engineering at one of the big tech firms; your principle job will probably still be to publish) --- so far as I can tell, those research group positions are exclusively staffed with PhDs.
That's not to say people shouldn't study crypto! They absolutely should: it is mind-expanding in ways orthogonal to the other specialities engineers take on to expand their minds. It will make you a better systems programmer. It might make you better at software security, too (it might not, though). It will, at least, mean that when your project is called on to, I don't know, encrypt a password reset token, you'll be able to do that competently.
Cryptography is a huge field. Pure mathematics? Cipher implementation? Systems design using crypto? Hardware concerns involved when implementing crypto? Crypto vendor? Crypto consumer? Analyst of crypto systems (compliance, approval, etc)? And yeah, as your snarky interlocutor says, the IT guy that handles the "hard stuff" like certificate renewal[sarc]? The choices are so enormous that even "specializing in crypto" isn't much of a specialization at all!
a) there are companies working on products with tight security requirements. if this is a respectable company, you'd probably spend most of your time examining and evaluating existing solutions and maybe review the use of said solutions by your own programmers. (i'd say this is usually more "security" than "cryptography" though)
b) there are companies working on their own cryptography schemes. those are not per-se snake oil, but ... it's complicated. few have the resources and the structure to do this right. skype, for example, rolled their own closed source implementation. back then we've been told: "trade secret, but trust us, we've done it right and we had independent experts review this."
c) security review: be the company/expert that skype hires to evaluate their cryptography while under an NDA (?)
d) pen-testing: maybe? not sure if this is realistic. get paid to check company security (network, servers, general infrastructure) for weaknesses. they might employ cryptographers?
e) research: probably the most likely area. crypto development usually has to happen in the open, otherwise it's not trustworthy.
f) intelligence agencies. NSA and co.
1. If you're super amazing and a math wiz, you might get to design some algorithms.
2. Implement algorithms correctly or advise companies about implementations.
3. Teach crypto.
4. Bully companies that implemented something incorrectly (jk).
Binary "invention" - http://www.computinghistory.org.uk/det/5913/Gottfried-Wilhel...