[openasocket]

Current AWS Employee, and it's not that way where I'm working (Security). At 23 I'm the youngest person on my floor (excluding the intern), there's a couple people within a year of me, but everyone else is older than 30. On my team I'm the only one not married, and one of two that doesn't have kids. Two of the people on my team are the same age as my parents. If I ever want to make people on my team feel old, I remind them I'm closer in age to their kids than them :).

Maybe security skews towards an older demographic, but that's been my experience.

[equalunique]

When I was 23, at my job, I was the youngest person on the cyber security team. Not AWS but US Federal Cyber Sec. I imagine moreso for US Federal but also for other realms of Cyber Sec., there's a rather dry aspect to both knowing the "rules" and measuring "compliance" which aren't so attractive to younger people. That's my supposition, anyway.

[openasocket]

Maybe, though compliance is handled by a different sub-division of security than me. My personal opinion is that what we do requires a wide range of background knowledge: you need to know assembly, cryptography, networking, OS, browsers, etc all from a security perspective. And there's a lot of things you can only really learn from on-the-job training.

[equalunique]

I must agree that on-the-job training is effective and possibly underrated in the field of cyber security. The one domain where it didn't stand out IMO was cryptography. Being taught how PKI and HTTPS work as a lesson in a course is valuable on it's own, however, when I think about all the coworkers that I've encountered who don't quite grasp how that stuff works, such a lesson has proved to be even more valuable. Would you say your on-the-job training covers PKI effectively?