|
Great question! For context, I transitioned from publishing top academic papers in security to building & growing a visual graph AI startup where, for one of our bigger customer bases, we work with top enterprise & military security teams. We're actively hiring here so some quick responses based on what I look for and have seen: * Red team makes sexy headlines, but it's the blue team who gets the seat on the board. Think prioritizing areas like detection, hardening, new protocols, thorough fuzzing, SDLC, vs finding bugs with a security flavor. Red team does have its niche, as pen testing + compliance audits form an important services industry, but the research opportunities are more limited. * Education: Cybersecurity fundamentals are super approachable and CS ugrads who did systems courses already have the harder basics: networking, OS, and compilers. Cyber-specific coursework mostly just revisits the harder fundamentals with a "gotcha" perspective. For more modern AI-ish roles, a classical math/cs background is typical. * Industrial education: Interestingly, SOC/IR/Hunt are NOT taught in school. Likewise, industrial experience in AI/data engineering/software can often be way more valuable than university-flavor, so career pivots are doable. It can be hard to do R&D within a regular operational security team. However, early-stage vendors like us inherently have to do it, and we work with top enterprise/tech/mil teams who in turn do research internally & through us. US, esp DC-area with clearance (ex: drugs can be problematic), opens a lot of doors. If anyone is like that for cyber AI or sec eng, either US or Australia, we're def looking for senior, and aim to have mid/junior later in the year :) |