[n0on3]

I wish the best to the author and I hope he finds a great environment in Talos to do great things (afaict he probably will).

However, and this is mostly for the sake of others reading this, be aware that the security industry has its own versions of the problems mentioned affecting the academic environment, and these versions are in most cases way worst than in academia. With the exclusion of some enlighten cases (which most often coincide with a good financial situation that allows for teams that do cool stuff without too-pressing metrics on the immediate business), in private companies literally everything is driven by money and to that one must add up that the incentives that the people part of the companies have (to this: in private companies the turnover is way higher than in academia). Some examples:

- Papers that don't deserve to be written? wait for that endless stream of tasks that does not deserve to be done that way (but need to be done that way the same, because <reason-you-cannot-argue-against>).

- Optimizing for the wrong things? wait for words like "cost-effective" to pop up.

- Move away from very cool stuff? yeah, that does not happen because the cool stuff are not even on the table, unless they can bring in money fast.

- Non peer-review things dismissed? wait for not-approved-by-manager-X or not-in-the-agenda-of-key-person-Y or subject-to-approval-of-Z-who-cannot-possibly-even-understand-the-value-of-that.

- No time for tech stuff? sorry, that doesn't change much unless your job is highly operational (which you won't enjoy much because it will have to be "cost-effective", thus most likely repetitive and metrics-based).

I'm not saying that every private company is a circle of hell in the security industry, but unfortunately most have far harder-to-deal-with problems than those listed for people looking for things like the author. Afaik, the common big difference is you get paid more and you see real-world cases as they happen.

(edit: formatting)

[adminprof]

Agree with all your points. The author has been in academia all his life so after 20 years or so, I can see how he can feel frustrated by it.

I think the general summary of what you're pointing out is that in industry it's easy to do things that the company wants to do (make money, make your boss look good, make life easier for the execs), and hard to do things that you want to do (cool stuff, disseminate ideas, and explore).

When you start at a company, you're optimistic and campaign to do a balance of both, but over time it wears you out so almost every defaults to doing the company work and fades out of public view. And yes, MSR is generally the exception but even then notice how many researchers there now do something related to "optimizing productivity".

[sevensor]

> I think the general summary of what you're pointing out is that in industry it's easy to do things that the company wants to do (make money, make your boss look good, make life easier for the execs), and hard to do things that you want to do (cool stuff, disseminate ideas, and explore).

Based on my experience, I agree with the first half of this sentence but I'd argue with the second bit. Sometimes the interests align. The one thing that has made my PhD worthwhile has been that it gives me the credibility to work on cool stuff that's going to make the company money. That's not to say that I would necessarily be working on exactly the same things if I had been free to choose, but that's largely because I'm solving problems I didn't know existed before I took this job!

[dasudasu]

In industry, you have "paper that did deserve to be written, but didn't because that's giving away knowledge to competitors, and also time wasted." Patents are respected, but that's not really something too relevant to software.

[marcinzm]

Most large companies have research divisions that do a variety of tasks which are not directly tied to short term money. The work varies from almost-pure to almost-applied but generally has different KPIs than product teams (patents for example). They're usually run closer to an academic institution in terms of structure and management. Granted there's generally some incentive to get other teams in the company to actually implement whatever you came up with.

[n0on3]

That's true, but I think on one hand these are fairly rare cases compared to the whole industry while on the other there is also the point that these divisions might not be as stable and long-lasting as one might expect.

Related, discussed on HN a while ago: https://blog.dshr.org/2020/05/the-death-of-corporate-researc... Previous discussions https://news.ycombinator.com/item?id=24200764 and https://news.ycombinator.com/item?id=23246672

[marcinzm]

To the first point, they're rare but industry is massive so their total absolute size isn't that small. And if you're a tenured professor in a semi-related area then it's not hard to land in one of them.

To the second point, it's true that the research focuses shift over time but if your research area fizzles out you can either shift to a more applied position or move back to academia.