[bayesian_horse]

I had watched a few courses on information security and noticed that those working in the more management / corporate related infosec roles seemed to be massively overweight, almost all of them (I am too, btw). Not saying that to shame anyone, just: Does the job make you miserable or stressed out?

I have been forced to do the infosec role as a "side thing" in a couple of jobs now, mainly because nobody else was around that even had the basic skills. One of the things that discouraged me from going further in that field is that it doesn't seem to make people all that happy and fulfilled. Again, I may be wrong on that, as an outsider looking in.

[justin_oaks]

I'm very interested in security vulnerabilities and clever hacks. Because of that I thought I'd be good in a security role. Then I discovered that defending against security problems is awful.

The biggest security weaknesses are people. Employee get socially engineered or phished. Management doesn't take security seriously so they put only a tiny budget toward security. Lazy sysadmins don't keep their systems patched. Software developers can't be bothered to learn how to write secure software, and this is mostly because their bosses don't incentivize them to. Security vendors often hype up their snake oil products. Good security protocols and technologies aren't adopted because people don't want to change.

Dealing with these human problems is awful, demoralizing, and generally unsolvable.

[debacle]

Security is always a cost. It's never a benefit until after someone has already been hacked, and you're the cleanup crew/IT oncologist.

I decided 10 years ago to never work in a role/company where my job didn't contribute to the bottom line. It's much more satisfying.

[mango7283]

I was a lot happier when I was working for a security tool vendor than I am now working in itsec on the customer side...

[bell-cot]

Oh, yes. Infosec has all the downsides of being an ER/ICU nurse at a miserably understaffed hospital, with ~none of the upsides of saving people or genuine patient/family gratitude.

[mango7283]

Haha you said it...

[bayesian_horse]

The pay is better though.

[red-iron-pine]

* high or higher stress role

* can be demanding or irregular in terms of hours

* real, genuine infosec requires deeper knowledge of OS's, protocols, tools, programming & scripting, etc. Gotta be a little more experience to get that, and even more experienced to move away from it into mgmt or higher level roles. In other words, older office worker, and that means more gut.

[mango7283]

I manage a monitoring and ir team and am obese. I tend to stress eat and there is a lot of stress playing defense all the time.

[justin_oaks]

If you prevent all the security threats, nobody notices, and the bosses wonder why they even pay you. If a security issue gets through, the bosses wonder why they even pay you.

[digitalsushi]

If you are doing this job and not reporting out on your effects, you are doing half of the job

[bayesian_horse]

Meditation could be helpful. Maybe the "Muse" EEG headset might be something for you.

Medication shouldn't be out of the question to stop the stress from killing you. I don't need to know any specifics but just when you say "stress" and "overweight" I can tell you to get checked for at the very least sleep apnea and diabetes. Both can and will ruin your day if you don't catch them early enough, and most people don't.

[conorcleary]

You're always, always going to be playing catch-up with criminals. It's a defense-only game. It's also like the scenario that caused the development of police radar detector-detectors, etc.

[nekitamo]

In infosec the hours are long, morale is fatalist, but at least the pay is good and jobs are plentiful.

You have to make sure you manage your relationship with your job carefully, or you will burn out as the author did.