| HN Mirror

I'm more speaking for the average junior dev -- I part-time as a mentor for a coding bootcamp and get to interview thousands of 1st year junior devs on a yearly basis, and the burnout rate is incredible. Contrast that with my time working in infosec, where I had 20-30 hours a week of free time in which to work on random side projects, play call of duty with my boss (literally), etc., while we wait for X thing to be approved or wait for an incident to occur (which might take a whole quarter). When I did the same for the DoD, things were amusingly both less lax and slower.

Now as a CTO at a YC startup, I've created an environment where devs have good work/life balance, time off is encouraged, engineering has significant say and sway on product decisions, etc., but this is by no means the industry norm.

On the infosec side, the industry norm seems to be infosec is largely consolidating as the industry switches to outsourcing everything to public clouds (read: disappearing), and what remains is pretty relaxed unless you are chasing bounties all day, which is typically a self-driven situation. Penetration tests for example seem to have longer timelines these days even though most of the tools are now automated (our startup just went through SOC-2, and I can tell you from the server logs almost all the checks on our staging server happened in the last 72 hours of the evaluation period). My assumption is for the other 26 days of the evaluation they are indeed playing call of duty, and so it goes for the whole infosec industry.