[spydum]

Totally agree - it still cracks me up in my particular industry. “There’s a shortage of security engineers and architects” is a common trope. No there isn’t- you just aren’t paying more than SWE and other dev salaries. People would consider switching if the money was there.

[wglb]

I was successful in doing this.

But I started out by finding software engineers that were interested in security and were willing to learn and turned them into higher-paid security folks.

[spydum]

absolutely this. most solid security people were devs with an interest who were given the opportunity to flip. the problem is employers want to pay below market prices, for someone who already has all of the skills they want. that just doesn't happen: those people command a lot more money. your approach is MUCH more practical (hire or transfer good interested devs internally, and train them up).

[wglb]

The hard part was working with HR to make the new salaries higher. Not a small task.

[monksy]

Money isn't always the reason. In Chicago there are dev companies that are so toxic or imploding that they're well known.

[wildmusings]

Most people would work in a toxic company for the right price. For an extremely awful job it might be very high, but just about everyone has a number.

[ken]

The bad companies, though, don't tend to offer more money than average. IME, they offer less. When a company is deaf to what developers care about in one department, they're usually deaf to what developers want in other departments, too.