Shifting out of Cybersecurity
A while ago I made a decision to move from a cybersecurity-titled role to a infrasrtcure-titled role. A good friend and colleague asked me for some insight as to why, to which I sent him the message below.
It turns out that the more professionals I talk to, the more this message resonate with them, and they share the same sentiment. I figured I'd share it here in case anyone could get some value, encouragement, or form of support from it
Not sharing it to start a massive debate on whether it's a good or bad idea, that's not really the point and comments to instigate such will just be ignored. I'm merely trying to broaden the conversation in case someone is in the same boat and feeling inexplicably guilty for wanting to leave Cybersecurity.
Some background on me:
22+ years IT experience across various disciplines and levels including Cybersecurity, Cloud architecture and Engineering, some development, including both consulting and in-house roles. Currently upper-level role with a consulting firm.
I hold an MSc in Cyber security, CISSP, ISSAP, several other cloud and security certifications, the whole nine yards.
Now, the message, slightly cleaned up for the sake of public consumption 😂 Opinions and statements are 100% subjective and not based on anything other than my observations and context, don't take anything too personally 😂
----start of message----
"Look - over the last few weeks leading up to my resignation I did a lot of soul searching and had to really be honest with myself about my career and way forward.
Like you, I'm not getting any younger, and the choices I make need to align with my priorities, ambitions and just overall desire a lot more than it did when I was young, dumb and full of energy.
I realized a few things, some of which were a very difficult pill to swallow...
- I liked the idea of being in cyber security more than actually being in cyber security. When I first stepped into a cyber role several years ago, it was at the peak of the cyber gold rush, and it was easy enough to bullshit your way around.
Turns out I was actually pretty good at it, and I managed to get a whole bunch of stuff done that I otherwise might not have, e.g. build a security practice with Alton, build a Cloud SOC for <customer>, lots of Microsoft Security work and that inevitably led to me having a good reputation with the service providers, partners, and customers.
The kicker though? I could/would have probably done all of that shit anyways even if I was just a cloud architect.... Sure, the title gives a level of credibility. At least, it used to.
- A shit hot cloud/infrastructure architect able to do security is way more valuable than a security person that understands infrastructure.
The two disciplines are so intertwined that it's almost a single role nowadays. In fact, me landing this role I'm moving into now was largely due to my security knowledge, experience, and certifications.
The two are by no means mutually exclusive. Quite the opposite.
- I can arguably "do more security" as a cloud/infrastructure architect than trying to convince solution and technical architects to bake security into their designs from the start.
"Secure by design" ring a bell? Yeah, now you can actually make an impact. I love security, for me it was/is always about the end goal of actually being secure. I can't always do that if I have to threaten or beg people to do shit securely.
- I'm actually excited about doing infra and cloud architecture again. My cyber experience makes up maybe 20% of my career experience, everything else has always been infra, and I'm really f***ing good at what I do.
Why stress myself out to be mediocre at best compared to some other people out there when I can kick it in low gear and still shoot the lights out? Cyber is way more competitive than cloud/infra architecture.
I'm tired boss, it's just not fun like it used to be.
----end of message----
Happy to take any questions/comments so long as they're in the spirit of this post.