[equalunique]

When I was 23, at my job, I was the youngest person on the cyber security team. Not AWS but US Federal Cyber Sec. I imagine moreso for US Federal but also for other realms of Cyber Sec., there's a rather dry aspect to both knowing the "rules" and measuring "compliance" which aren't so attractive to younger people. That's my supposition, anyway.

[openasocket]

Maybe, though compliance is handled by a different sub-division of security than me. My personal opinion is that what we do requires a wide range of background knowledge: you need to know assembly, cryptography, networking, OS, browsers, etc all from a security perspective. And there's a lot of things you can only really learn from on-the-job training.

[equalunique]

I must agree that on-the-job training is effective and possibly underrated in the field of cyber security. The one domain where it didn't stand out IMO was cryptography. Being taught how PKI and HTTPS work as a lesson in a course is valuable on it's own, however, when I think about all the coworkers that I've encountered who don't quite grasp how that stuff works, such a lesson has proved to be even more valuable. Would you say your on-the-job training covers PKI effectively?