by rotrot 1611 days ago
I'd recommend pivoting into security engineering. Security engineering, even at big tech companies, can be fulfilling as you are often protecting dissidents, journalists, and human rights activists from surveillance. Even at companies like Facebook, you can work on protecting dissidents [2] while contributing very little to the company's ad business. There are also opportunities that pay well at non-profits like Amnesty Tech as well [1]. The challenges are surprisingly technical and your adversaries and coworkers are some of the most talented computer scientists in the world [3]. It also surprisingly comes with around a ~25% pay raise from SWE (I make $750k TC as an L6) as there are so few people interested in it. Switching into security engineering was the best decision I made and I now work with an almost completely clean conscience.

[1] https://www.amnesty.org/en/tech/

[2] https://citizenlab.ca/2019/11/whatsapp-attributes-hack-of-14...

[3] https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...

2 comments

I've been trying to pivot in this direction for a while. Almost finished a master's degree in information security, while working full time on security-related software (though truth be told, I do focus on the fairly low-level aspects of security), and I'm still very much intimidated by security engineer jobs posted online. Still feels like I'd need to be working loads in my spare time just to not be hired in an entry-level position in the field. Would you say this is accurate, or am I being paranoid?
Any tips for getting into this with only a standard development background?
As a software engineer you're more than half of the way there. A lot of people pivot into this industry with almost zero experience because it's pretty fun and they end up learning computer science along the way.

I'd first start by reading this blog https://noncombatant.org/2016/06/20/get-into-security-engine... and everything it links. Then study them to start getting a breadth of knowledge in the security space.

In parallel, I'd recommend studying real security vulnerabilities in products that use technologies that you have a background in. For example, if you are interested in both Web technologies and C++, I'd start studying Google Chrome, specifically its JavaScript engine V8 [1]. There is an entire cottage community of both offensive and defensive people looking for vulnerabilities in Chrome so it's a good way to get started because there's a lot of information out there. One amazing thing about security engineering is that you get to learn how all of these amazing technologies work at a deep level, because you need to understand it almost as well as the developer to find security vulnerabilities in it. For example, I have a very deep understanding of how technologies like RTC, Browsers, Sandboxes, and the iOS operating systems work from auditing their code and finding security vulnerabilities.

[1] https://bugs.chromium.org/p/chromium/issues/list?q=Security_...

Manning has a new book, The Cyber Defenders Career Guide (https://livebook.manning.com/book/cyber-defenders-career-gui...) that might help. It's an early access book, but all the chapters have been written, so you can read the whole book as an ebook already.