top | item 27721397

(no title)

generated | 4 years ago

Best way to capitalize on this?

Infosec employees follow the same anemic HR compensation song and dance, often lumped in with all engineering as a category.

Security startups are known as "cockroaches," they never die but are a hard bunch to grow into unicorns.

Contracting really only seems amenable to a small bump in lifestyle business level rates.


atatatat|4 years ago

Fuck Unicorns.

What's wrong with being large enough to live well,

but still do the job correctly, and not botch your email migration?

Nursie|4 years ago

> often lumped in with all engineering as a category.

In recent years I’ve seen no evidence “Infosec people” are worth more than general engineers, and quite a lot that they are worth considerably less. And yes, this is when it comes to security matters.

The industry, as far as I can tell, is about 80% chancers who got into Infosec because they couldn’t cut it creating software.

prepend|4 years ago

This is similar to my experience. About 95% of security folks I interact with are compliance folks to audit and make sure checklists are done.

The other 5% are super smart and are basically engineers who specialize in security.

I feel like many cyber people get certs and then hope for nothing bad to happen. When something bad happens, they claim that someone else didn’t do something right or get fired and move on.

px43|4 years ago

> Best way to capitalize on this?

Have you considered starting a ransomware gang?

batch12|4 years ago

A method to transition people from related fields would be the most beneficial. Taking someone with a background in systems administration or programming and nailing on the security skillset would be more effective than taking someone who knows all security concepts and that's it.

The best way for a practitioner to personally capitalize depends on their background. For instance, someone with infrastructure support experience may make an excellent incident responder. Someone who deeply understands how systems work could be a talented pentester.

Edit: From a compensation perspective the solution is to take your growing experience to the next company willing to pay for it.

randmeerkat|4 years ago

The problem is it isn’t about nailing on the security skillset. It’s about executive motivation. “Security” is all about doing enough to shift liability and nothing more. Until executives are liable for security breaches this will continue.

atatatat|4 years ago

What makes you believe you can run a unicorn size organization and not see its general level of quality for the employee/customer become shitty like the rest?