1. 48
  1. 6

    A major reason I haven’t gotten into security, despite my continued professional interest and engagement with it, is that I see much of industry security as either snake oil or “very fancy crypto”, with effective security not something sought after or sold.

    When you can have major user identity breaches and there are no consequences except “tiny pay out for identity theft security”, really, why bother working in that area? >.<

    1. 7

      Good that you’ve decided to do something constructive by learning and working more. I would have suggested starting something on your own. One of the nice things about Capitalism is that if software vendors are doing a poor job — as you’ve identified — you have the freedom to compete with them.

      1. 11

        Unless Capitalism made you sign a non-compete to work at all

        1. 0

          That’s not really a product of Capitalism. That’s a term that two parties negotiate.

          Still, it is fairly common, but usually (I think?) these terms have a relatively short shelf-life.

          1. 4

            the basis of the negotiation is a capitalist relation. it could not be more a product of capitalism.

            on the other hand i don’t see how the freedom to produce your own product is at all specific to capitalism.

            1. 1

              on the other hand i don’t see how the freedom to produce your own product is at all specific to capitalism.

              You forget that capitalism is the freedom to produce your own product. And this is like the definition, not one understanding, that one has to set aside to understand what others are talking about when they use the word.

              1. 1

                by that definition you can have capitalism without private ownership of the means of production

                1. 1

                  (that’s the joke)

                  1. 2

                    sadly it’s hard to make a parody on that topic which is not also something someone would say earnestly

              2. [Comment removed by author]

                1. -1


              3. 1

                Capitalism is about maximizing ROI of its assets. Two strategies are maintaining profitable assets and reducing competition. Non-competes do both. Whereas, the free market approach would have no non-competes so both the companies wanting talent and worker pool supplying it have to improve. No talent is on lock-down.

            2. 2

              you have the freedom to compete with them

              Encouraging one individual to go against entrenched multi-billion companies in a quixotic endeavour with .1% chances of success is quite harsh.

              1. 4

                It’s less harsh than not having that freedom, and I don’t know how you derived that number.

                1. 5

                  Having the “freedom” to naively assign and praise all the successes thanks to the leading regime is a common theme in the propaganda of both Communism and Capitalism. In both cases it’s political brainwashing, and short-sighted historically speaking.

                  Man has done business and trading and exchange about tools and so on since the dawn of time.

              2. 1

                The mistake is believing that a product could exist that could suddenly fix all the issues any given company has in regards to security.

                There is no such product. Most of these companies selling security-related software are selling vapourware.

              3. 3

                get involved with http://techworkerscoalition.org . if you need a recommendation for a union, UE is the best.

                1. 3

                  This and the clique bullshit are why I never got into the mainstream security industry. It’s mostly bullshit. It’s also usually thankless work. So, not a great career.

                  Can be a fun, deep hobby, though. Research what you want. Do some consulting and/or product development at your own pace with customers of your choosing. Makes a world of difference when you don’t have to take the money or kiss anyone’s ass.

                  1. 2

                    I’m experiencing a lot of these pain points too, though I’m approaching it from a different sub-field. People don’t care about current best practices. It’s expensive (in some ways) to build high-quality product and oftentimes that goes against businesses looking to maximize profit. If you continue to practice in a rut then you’re always afraid of falling behind, becoming devalued, not knowing what best practices are, and believing that you’re not capable. That leads to all kinds of insecurity, anger, fear, and god knows what else.

                    Some ways I’m trying to cope with this feeling are:

                    • Trying to build something myself. Take the template “I’d rather $BAD_THING than do this again” and substitute $BAD_THING with “start a company” or “build a framework”. I’d much rather have more problems and work longer hours if only those problems can just be my fault, because problems that are my fault are within my control. Alternatively, imagine all your problems are your fault to give yourself that sense of agency (counter-intuitively, that actually does help for me).

                    • Thinking about what kinds of abstractions will really make a difference in how we code. For me, accepting that all code trends towards the properties of a language / framework (e.g. all object-oriented code will result in state management issues between dev/prod) is an enlightening and freeing feeling, because then we can discuss options and tradeoffs. So going off and looking for those strong property-based guarantees (e.g. monadic error handling) is a great way to learn new things and possibly build alignment with others on higher-order fundamentals.

                    • Being able to fail gracefully in perceptions. Not necessarily “relaxing” or “not taking things as seriously” but maybe rationalizing that baseline “good code is code that compiles and puts food on the table”, even if it sucks. I have a really, really, really hard time with this and I’m not quite sure if I should accept this advice myself, but it’s something I’m considering.

                    1. 1

                      This is why I can’t get a job. All this software sucks. The whole web today revolves around JavaScript that doesn’t work, weighs megabytes, and is written by people who have no clue what they’re doing, who simply create all these special visual effects just because “it’s cool”, completely disregarding how much slower and more unusable the experience gets for the average user. And it’s not like they can even do anything about it, either — they just spent 20 grand to become a front-end developer; who are we to say that all the things they’ve learned should never be used in the vast majority of front-end-related tasks?

                      As for the whole infosec industry? Most of it is completely fake. All these security products are merely bandaids and at most an insurance policy to shift the blame to someone else.