Ask HN: 11 Year (7 in FAANG) laid off dev needing career advice

[readyna]

Background:

I've had many years of experience, but essentially only 1 year of experience in any one thing. It's all been pretty random, though notably very little frontend. To get specific without being too specific, in recent years I've implemented a filesystem, made a testing framework, added functionality to a C++ library, created a middleman between kernel space and userspace, etc. The takeaway is I can do lots of things, but am not an expert in anything.

Problem:

Judging by job postings, the two main categories that even remotely fit me are Infrastructure or Backend. The problem is I have huge holes in those categories - I haven't dealt with the setup of CI/CD, created APIs, used Kubernetes, or done anything to do with distributed computing. The extent of my backend web experience were small scale and lived on a single machine. While I have no doubt I could pick things up quickly, the fact is I lack the experience that basically every position is looking for. So far, recruiters won't even give me the time of day. Even if we do have a call, I usually don't even advance to the technical screening.

Solution?

Obviously, need to choose a focus and try to convince someone I am capable of performing. Let's say that's Backend. But what can I do about the massive hole in my experience?

I've been doing Kubernetes tutorials, but the pessimist in me fears that in this job market, there will always be another candidate with actual real world experience that will get the job instead. I would also never be able to simulate a large enough load at home to gain experience in solving scalability issues. Would having played with Kubernetes at home matter at all to prospective employers?

I feel like a fish out of water right now. Has anyone been in my position? How did you solve it?

[jonahbenton]

You are missing a big part of the needed work. I would suggest this approach. Make a list of every person you have worked with over these 11 years, everyone with whom you had non-trivial/extended interactions. Probably a long list! Go through that list, and think about- which of these people did you like to work with. Which liked working with you. Which ones appreciated the unique things you brought to the table when working on a problem. Be very selective. This is probably a much shorter list! For each of them, track down their email and compose a personal message communicating that you remember working with them on X, you enjoyed the experience. You are looking for a new challenge and would love to get coffee/zoom coffee/touch base. Send the message. After doing this for each of the very selective group, reduce the selectivity a bit and repeat, composing a still personal message, just reaching out.

In terms of skills, yes, you may be helped by figuring out a focus and gaining depth in a particular area. But which area? Here you do need to do another layer of analysis beyond job postings, but you will also need to figure out what interests you, what you would be motivated to do. Which might be more technology or it might at your level of seniority be other areas like business domain or people areas. If business domain or people areas are interesting then you will want to double down on setting up conversations with your network. But if technology is interesting the very best thing to do is the learn in public. Take your lack of knowledge as a strength, start from zero, and use your existing skills to learn how something is implemented, and teach yourself, documenting as you go, to the level of depth that satisfies you. Publish that work. If you have worked at the kernel/file system level you find especially in user space platforms like k8s many oddities and curiosities. Listen to your curiosity and document those oddities. You might actually find something that needs fixing, in that case, submit a PR.

Both of these approaches- reaching out to your network, and following and documenting your curiosity- take time. Doing the job hunt with recruiters does as well. But this way you are growing yourself as an asset, in relationships, and in skills.

HTH. Good luck.

[readyna]

Ah, I had only really reached out to those I met at the 7 year company. Going even further back for anyone I hadn't bothered to talk to all this time seemed a bit weird. I guess I can try!

I did start blogging my side projects, but I hadn't considered digging into other implementations and blogging my findings as well. Interesting idea, will try!

[hqsolomo]

If you have the patience you can try setting up your own CI/CD pipelines.

IMO API dev isn't THAT different from what you already do, just a different mindset. Take this with a grain of salt from me though because I only dabble in API dev.

There's an O'Reilly book "Cloud Native DevOps with Kubernetes" that have me a solid grasp on Kubernetes but the biggest lesson from that section was "don't manage k8s yourself" and that was the BEST advice about K8s I've ever seen. Create a free account with the cloud service providers and play around with k8s (ideally after you've run through some guides on CI/CD). This is 100% your "real world experience".

If you're looking to try a new career field I think you'd likely excel in infosec with your background. Take a look at application security and see if that interests you.

I know your pain as I'm on the tail end of what you're going through, but as an outsider looking in it seems you're in a much stronger spot than I am! They're is light at the end of the tunnel!

EDIT: IT needs specialists AND generalists. From one generalist to another, don't be too upset about not being an expert in your domain. I'm a CISSP that struggles with security analysis but can do security management, privacy, and GRC off a fresh bong rip and a four loko+rip it cocktail. THERE IS NOTHING WRONG WITH NOT KNOWING EVERYTHING BECAUSE A GOOD TEAM WILL ALWAYS LOOK OUT FOR EACH OTHER

[readyna]

I agree API dev doesn't seem particularly special. Really boils down to async calls with a chance of never hearing back. But maybe I'm that out of touch... Even if it is trivial though, I've had a recruiter ask me for specific examples of any API experience I have, and of course proceeded to ghost me.

Skipping k8s management makes a ton of sense to me, especially since that should be considered more of a DevOps job anyway. But since you say to do CI/CD first, I assume you mean I should go through the entire flow where I submit commits and have the "CD" deploy to the cloud k8s? Seems like I'd still need to be able to bring up my own local instance to see my code changes during dev, and would need to manage the local k8s.

Security might actually be the way to go long-term! The way I see it, it has to be verifiable (not possible to depend on AI) and can't be outsourced (at least not to any adversarial country). I'll definitely look into that!

What was your playbook to get into infosec?

[hqsolomo]

When I say "do CI/CD first" I do mean "make a commit and watch it go brrrr". You could build a pipeline yourself if DevOps engineering sounds fun but my experience with it professionally is "do whatever the DO guys say to make sure your changes reach prod". I dabble in my spare time out of curiosity and because I like punishment, lol.

I took a nonstandard path into infosec- I never actually went to school for it because it just wasn't taught where I went at the time. I learned by reading a lot and testing what I read against my own (and sometimes not my own) machines and my previous employment gave me a solid foundation since all of my professional skills were transferable. I was a dev for 2 years and a security-focused business system analyst for 6 years before getting my first job in infosec, and I'm 100% sure I passed my CISSP solely on dumb luck because I just "picked what made sense to me." I never took Sec+, Net+, OSCP, etc... certification because by the time I found out those certs existed I was already a CISSP and working to shore up my blue team weaknesses (blue team = "don't hack me bro", red team = "IT'S PWNIN' TIME". There's also purple team where you do both, I see this being the future of the craft much like how development and operations has pretty much merged).

I definitely recommend reading up about cybersecurity topics- maybe even take a Udemy or Coursera course or two on the fundamentals. Even if you get an entry level role I have no doubt you'd be able to ramp up quickly. You DO need to understand networking concepts so that might be new but it's seriously not THAT in-depth and you can skirt by initially with the basics (know how networks work, and be able to both capture a packet and read a PCAP file) and pick up more as you grow into the field. You'll need to pick up soft skills to help you frame technical concepts into terms laypeople can understand for your reports, which can be a challenge at first but you get the hang of it after doing it a while. As long as you're on a decent team any weaknesses you have can be covered by an ally- DO NOT BE AFRAID TO ASK FOR HELP WHEN YOU DON'T KNOW SOMETHING!

I do need to be transparent- my skills are more on the security management side (I could talk for HOURS about security risk) and most of the roles I've seen advertised (including the one I just left) are for security operations center staff. Hopefully another security professional here more skilled than I can chime in to keep me humble and honest!

If you're interested (ISC)2 has a "Certified in Cybersecurity" certification intended for people new to the industry. I'd take a look at the exam material for that and see if it interests you. You may be tempted to jump for CISSP, CISM, a GIAC cert, etc... Save those for later in your career when you KNOW you're ready (also I dunno about CISM but CISSP requires at least 5 verified years of professional security work and the endorsement of another CISSP. I don't think the GIAC certs are as strict but they're WAY more expensive). They're NOT easy, and there's a real risk you'll end up like me if you successfully take the shortcut, a CISSP that excels at the really hard stuff but has no interest in/sucks at the grunt work.

If you can get a mentor for cybersecurity that would be a huge plus- not just for helping you find a job in the industry but it REALLY helps fight off the inevitable imposter syndrome (I have met exactly ONE security professional in my entire career that didn't deal with imposter syndrome at some point in their career. That one guy has a higher IQ than my car has horsepower).

Hope this helps!

[eschneider]

Embedded Linux/Application work might be an option. If you've got good core c++ skills and you don't mind learning new things quickly and on your own, then you should be able to handle the job just fine.

[readyna]

Actually, just yesterday I had a recruiter call where they remarked "oh we thought you had embedded experience but I guess not" and proceeded to get a rejection email that same day...

I am not that great at C++, but I guess self-teaching C++ is a more fitting path to go down vs. self-teaching backend tech?

[eschneider]

I think it's more 'figure out what YOU want to do' and optimize your resume and job search for that. Recruiters will be somewhat random no matter what you do, so don't put that much stock in their comments.

[rsynnott]

Was the 7 in FAANG at one company? What was your role there? Does that role exist elsewhere?

FWIW, particularly at large companies, I wouldn't have thought the average engineer would be touching Kubernetes, or the build pipeline, or whatever; there's a fair bit of specialisation in large companies. And some companies don't even use Kubernetes; despite appearance, it is not mandatory :)

[readyna]

Yes one company, I was a generalist software engineer.

I agree that it'd be very weird for any of my colleagues to have touched Kubernetes or the build pipeline (unless that was their entire job). Large companies can afford to let people specialize, but that's not necessarily the case with smaller companies where people need to wear many hats.

It's just pretty apparent that I need to put on more hats to be a competitive candidate, especially when the hat I do wear usually isn't relevant to the companies that are hiring. Large companies also have plenty of teams doing more mainstream work (regular backend dev) even if it doesn't include k8s, so they all still have a leg up on me in this sparse job market.

Of course my problem might disappear when the market recovers and the large companies hire again, but I'm not going to sit around waiting for that.

[ganbatekudasai]

I'm curious why you seem to be looking for a web/web backend development position, when clearly you're an operating system developer.

[readyna]

Just going by what's available. There are only so many companies doing OS work and they typically are the FAANG-size places that can afford such an endeavor. And they aren't hiring.

[pxcse]

> Just going by what's available.

That's not how it works. If a brain surgeon can't find a position in a hospital do you think someone will hire him as a clerk because "that's available"?

[readyna]

This seems like a pretty disingenuous trivialization. What would you propose then, I just twiddle my thumbs to wait for something to fit me?

What if I were a a horse-drawn carriage driver and the car industry was relegating my career into niche theme parks? If I don't want to be in that niche anymore (and I don't!), then logically, I should learn how to drive a car and become a driver.

I am just making the observation that the vast majority of available openings that can even remotely fit me (ie. not any sort of frontend) are backend, with a distant runner up of infra. If that is the reality, then I need to meet it.

It's not that I'm against niches. I like the suggestion in the other post to go into infosec. I consider that a niche too but at least most companies would need it. Very few companies make operating systems. I feel that I shouldn't have gone this direction in the first place and this struggle to find a job is a wakeup call to change.

My post already outlines my willingness to learn/retrain to fit a new reality. I'm asking for advice to make such a transition, not really looking to being told to keep doing what I've done when it clearly isn't a very portable area of expertise.

[defrost]

Personally I like doing orthogonal work and while I've written a million+ SLOC lines of GIS|geophysical aquisition and processing code after wading through OS dev and compiler writing I've also done weddings, parties, anything work elsewhere.

Another radical thought is to forget the IT industry first approach and look to other industries for suggestions of how you could best serve them and recommended contacts to chase up.

Mining, energy, construction, surveying, etc all have data heavy sides to them, specialist software, and particular hardware | processing needs.

Drones have embedded operating systems and a wide variety of sensor and control modules, they're used to inspect work, document multi spectral growth in agriculture, provide aerial footage in the AV industry (movies, streaming series, corporate documentaries, etc).

If you can visit trade shows for industries you've never really though about you will generally find interesting work that has an IT angle that is very probably starved for talented attention.