Is Cybersecurity a Good Career
This isn't a KB telling you what the former glory of cybersecurity is, how people have capitalized on it, and how it's now become a race to the bottom. While true, reminiscing is a sign of depression. And I'm not depressed. I am hopeful, and this is why.
The industry is still fairly new; in the scheme of industries like publishing, cybersecurity is new because it has only been around for 25-30 years or so as a dedicated industry. I have been a professional in cybersecurity for 15 of those years, but I have seen all of the years. This is Is Cybersecurity a Good Career.
This industry isn't fulfilling a need like the lumber industry is; it's solving a problem. The problem is that people deployed insecure things because we did not know what security looked like. People are creating the problem that we are hired to solve. Over the years, we have developed all of these tools, processes, and this tremendously big convoluted industry to solve the symptoms of insecurity. Still, at the same time, we have been training people to do a better job of putting things out there that are more secure. And that is addressing the root cause. Today, there are fewer problems. There are still problems, and still some of the same issues, but overall, we have gotten better with software security.
Software security is the root cause of cybersecurity.
Developers. Not hackers.
There was such a massive explosion in the development world in the 90s and 2000s that put all of this insecure crap on the internet that we relied on. Then, we spent the next 2010s and 2020s focusing on compensating for insecure development practices.
We then started training developers to write secure code, so fewer problems are being pushed into the world. Some problems, some of the same issues, remain, but overall, there are fewer problems. We're continuing to solve or try to solve the last of the issues from the 2000s.
So, we have fewer symptoms today. It's a misnomer to think cybersecurity is about protecting the world from hackers; hackers have been vilified enough. It's time we continue to put pressure and vilify the developers more who are causing the problems. Hackers have a bad reputation because of the carelessness and recklessness of developers who push things out into the world.
But on average, today, there are fewer symptoms.
Then, we have been training the users to be more careful because there are bad guys out there. We have been attacking this from all angles. Truckloads of money were poured into solving this problem, and we have less of an issue today. It's still an issue, but it's less of an issue.
A part of us should be proud. Some of us are sad because when we solve a problem, people need us anymore, and it is fun to feel indispensable. You had this respect and power in the economy and throughout society. But society doesn't think that way today; when they hear you work in cybersecurity, they don't immediately think about the problems you're solving. They first think, "Oh man, that's good money." I hate to break this to you, but the industry is heading into more rational zones with its pay.
There is less demand for extremely talented people because for the past 20 years the best and brightest have trained and developed tools that can do their jobs or defined processes that are instructions on what to do. There isn't much that needs to be 'figured out' anymore, and a lot of the work is simply just copying what the industry standard is, it just doesn't take a genius to do that, and the industry standard is pretty good.
So, I said I was hopeful at the beginning of this article. What am I hopeful about if it's not for higher pay or higher demand? I am hopeful that our lives will become more stable as cybersecurity practitioners and that we may finally get the job security that everyone believes we have.
There has never been any job security in cybersecurity, and the average tenure is typically less than two years at a company. The cybersecurity industry changes so rapidly that companies have to adapt their strategies often, leaving us without jobs because priorities have changed. It's very rare for someone to have existed at a company for long enough to learn it intimately and soak up every bit of tribal knowledge associated with its business practices. Things are more stable today, more sane, more roadmaps that will see fruition. It's a place with less volatility, even though pay will be less. It's beginning to even out and be predictable with predictable results.
A lot of money is a lot of money, but you have to take into consideration the stress and uncertainty that comes along with the pressure of everyone not knowing what to do. We know what to do today as an industry. We've figured everyone out thanks to the brilliant people before us. Cybersecurity is less of an innovative place, and a focus has been placed on tradition, and we know what works today and where we need to spend our time.
It's a bit more boring.
So there is. I am hopeful that it will be less nuts and I'd willingly trade some of my salary to have stability.
