by SadWebDeveloper 1200 days ago
I have said it before and still say... InfoSec is a glorified policy writer.

You spent more time 90% of the time "writing documentation" rather than on finding the security problem and suggesting the fix. That's why I choose development rather than InfoSec (despite having a knack for it), because it's more technical and I don't need to explain "why" every time.

2 comments

The best security tools and practices won't protect the business if they're not used consistently. Policy is how things get done. It's an expression of the business' values and priorities. Even if it's just "all employees must install the authenticator app or request a Yubikey otherwise the cyberinsurance will drop us."
I think you are mistaken. Obviously InfoSec is a rather generalising term, while you are abstractly describing the work of someone that works in Application Security.
I would rephrase the question... what InfoSec jobs don't involve spending time writing documentation?

pentesting? 20% finding the low-hanging fruit, 80% writing and explaining your findings.

forensics? 10% finding how they did it, 90% writing and explaining your findings.

malware/policy/security/cloud security analyst? 100% writing and explaining your findings.

the list goes on and on... you are basically a slave for word processing software, that's why I totally understand OP quitting infosec.