[amriksohata]

Never agree to be on call and if you do, make sure you are being paid double salary as a minimum, all modern science points to working unsociable hours as a massive detriment to your health. Also working Saturdays and Sundays does not make your team more productive, because your staff will be tired the following week, it's a false economy.

[scarface74]

So if your software needs to run 24 hours and something breaks with your software, how do you avoid being on call?

A developer shouldn't be the first person called, there should be an operations staff but they may have to escalate.

On the other hand, any time that a developer is routinely being called in the middle of the night, there is usually either an issue with the software or the infrastructure not being fault tolerant.

[amriksohata]

In the UK there are laws you can opt out of being asked to work more than a certain amount of hours. They company should have an out of hours plan but most experienced developers will know very few things get resolved in the middle hours of the night, things need testing, reviewing and sometimes the solution is not simple, it is better like you said to have ops staff that gather data and then pass it on when devs are in fresh, however if you have, say, a big international sale which is happening in another timezone then why not just pay staff as a one off to be around?

[bradhe]

> Never agree to be on call and if you do, make sure you are being paid double salary as a minimum

Good luck with that.

[toomuchtodo]

> Good luck with that.

Agree entirely. The law hasn't caught up requiring compensation for on call/off hours work at the existing salary level (at least in the US).

Moving from devops/infrastructure to security I doubled my total comp (salary + 401k + vacation + health insurance) while reducing the hours per week I work down to ~37 hours (I also get to work remote and never work nights or weekends). If you're in ops/devops/infrastructure, I highly recommend the transition to others, the current demand for competent security professionals is quite literally bananas.

TL;DR If you're in ops, get out of ops (easy) or work someplace that will compensate you appropriately for on call/nights/weekends work (hard).

[SirZimzim]

Any suggestions for those of us trying to enter the security market from devops?

[toomuchtodo]

If you know how to securely design and build AWS environments, you qualify for “cloud security architect” positions based on my interviewing experience. Beyond that, interview for security positions and take note of your gaps to improve on.