by SOLAR_FIELDS 5 days ago
I personally as a general rule don’t hire people who work in cybersecurity if they were not traditional developers first. The chances of you understanding “cybersecurity” without also understanding how general software works is extremely low.

This is broadly true for all concentrations in cyber. There is no entry level. Your first job should be learning how what you want to focus on works… be it networking, sysadmin, devops, vendor risk management, etc.

Unfortunately, cybersecurity was a hot topic in the education market and people got sold on the idea that they could get a six figure job with nothing but some theory and an entry level certification.

> Your first job should be learning how what you want to focus on works.

Then what was the purpose of sitting for a degree?

There is theory to learn and it is important, but it is all for naught if you don’t understand how what you are protecting works. You need both for an entry level position - there is a reason those positions pay as well as they do.
This is true for most sub-fields. The average person in them is either a failed dev or more of a pencil-pushing box checker. The quality employees are devs with extra specialized expertise.

Security, qa, devops, data emgonerkng, the list goes on and on.

Infosec also adds the angle that you want someone with actual grey or black hat hands-on experience.

I'm actually pretty good at data emgonering, one time I accidentally wiped our production db.
You too?

That was one long ass day!

Absolutely. Cybersecurity is not a field you can (well of course you can, but not with legitimate effectiveness) approach as an isolated field of study. To be effective you must have reasonable experience and skill in programming, and in operating system internals, and in the network stack from the highest to the lowest level. You'd do well to also have experience in hardware and QA, and you really need aptitude and hands-on experience actually breaking into things, not just in making things work. The last one is often hardest; plenty of brilliant people know how to build things but lack the mindset to break them.

So in this sense it is true there is a significant shortage of qualified cybersecurity people to fill the roles.

The mistake is that institutions try to fill that shortage with some undergrad program (or worse, certification) which of course can't build expertise in all the above fields in a few years. So that graduate is nearly as unqualified after graduation as before.

Kind of funny, my cousin studied software development, then she pivoted to cyber security last minute because she was uncomfortable about finding work, she's been through a few different companies so far, so I guess it worked out for her.
100%. I started out in cybersecurity and was complete shit. I gave up and went into software engineering and devops instead. Now returning to cybersecurity again and things finally make sense.