reasons to not get into infosec, sort of

Reasons to not work in information security? Oh yeah, we have those lists!

(Side note, the article drew my attention not because of this list, but because of the awful, awul title: “6 Reasons Why You Should NOT Work With Information Security.” I read that as why business/people should not cooperate with infosec. Pesky prepositions!)

6 – Working long hours, forever. Truth! Then again, this can be said of almost any professional-type of career. But, that doesn’t mean we can’t enjoy our jobs and unplug and balance life at the same time. It is also part of our duty to educate our own industry so that we’re not guaranteeing prevention of security incidents. It really is unreasonable to think we must toil away until our network is impenetrable, just as much as making a developer work until a major application is written entirely and perfectly…

5 – People only remember of you when things go wrong. Well, yes, this is unfortunately true. It’s going to be a continued part of our job to stress that prevention is not a guarantee, but we can certainly help the odds. This is also a truism in many professions, though, especially in IT or any utility; you get praised when shit hits the fan and you fix it, not when you do good things when no one is crying. (/hyperbole) In the end, I think most infosec geeks I know understand this, and it doesn’t really bother them.

4 – Study, study and more study. Yes, true, and every infosec geek I know loves this! I’m not sure I’ve met any that have been forced to study up on something they hate…with the exception of having to study up on something they already know just because someone wants proof or metrics or won’t just take your word for it (a whole other discussion there!).

3 – There is a limit for growth to your career. I think a certain Lee and Mike would disagree. Still, there is a bit of truth in the article’s assertion that many CEO levels have had blessed roads, or those that flow through the sales silos. Then again, that C-level/executive/managerial is the goal of all people is a poor assumption to make… (about as bad as assuming the road of a C-level is…)

2 – No room for mistakes. Refer back to #5: this is true, but is part of the education process to make sure people know that prevention is not a guarantee. I know, I know, so many people in business dislike even a single mistake, but try to bring this back around to accounting, finance, and strategic management: there is always a balance of risk, cost, and revenue; even if the rank and file think every mistake needs to result in an upheaval of processes and people (really, that’s a result of too much middle management and unhealthy performance pressure…).

1 – People expect you to crack their exes Gmail passwords, wireless networks, and combination locks. Again, true, and this is bad why? Also, again this is part of being in a professional career. Personally, I do enjoy the “mystique” that still hangs over technical mastery and hacking, and feel complimented when someone asks things like this of me; either I oblige when ethical, or educate when unreasonable.

One thought on “reasons to not get into infosec, sort of

  1. Hi Michael,
    This is Adriano from My Infosec Job.
    I just wanted to thank you for commenting on my article, regardless of the different opinion we have about the topic!
    I believe a healthy discussion based on facts always helps people form their own opinion and we definitely provided lots of readers with food for thought!
    Please be welcome to read and agree/disagree with me any time! 🙂

Comments are closed.