Thread: over the years, I had countless infosec newcomers ask me how to build a successful career in the field. I don't have a recipe for success; but there are several things I learned over the years, and they're a bit different from the usual career advice you hear. (Thread)
10
217
30
778
My most important tip is about happiness: jobs come and go, conflicts happen, you can't win every argument. It's best not to let your work projects define who you are. If reviewing a code change makes you angry, it's time to pause; non-computer hobbies help.

1:18 AM ยท Jun 19, 2021

3
21
0
214
In the same vein, friendships last longer than jobs. You don't have to get along with every person you encounter, but it's good to try. And when being a good person clashes with doing your job, it's probably time to pause, push back - and if that doesn't help, bail.
1
14
2
189
Next, remember that this is a volatile industry. You might feel invincible today, but job markets can crash overnight - and did so several times before. There are great rewards in tech, but it is foolish to live paycheck-to-paycheck. A Tesla can come after a rainy-day fund.
2
7
0
119
I also usually tell people not to overthink job decisions. There's randomness we can't control: stocks move in unpredictable ways, PR cycles ebb and flow. Focus on the long term; over the course of your career, the transient stuff will probably even out.
1
6
2
104
What else? Oh: disregard 90% of what you read on Hacker News. There are real gems there, but they're hard to tell apart. Meanwhile, most of the tropes about corporate life are exaggerated or patently untrue, often written by people who know less than you.
2
6
0
140
To advance your career, remember that ideas are cheap, so develop a track record of delivering high-quality results. Simplify other people's lives by owning problems instead of merely logging complaints.
3
37
8
290
Visibility helps, but only if it instills trust: promote your work juidiously, but be self-critical, too. As for the secret superpower in corporate environments, it's knowing how to write concise, well-structured docs. Take a writing course and see your life change overnight.
9
31
5
273
Replying to @lcamtuf
This, I'm afraid, started to make me angry, the more I thought about it. > If reviewing a code change makes you >angry, it's time to pause; 1/
1
0
0
0
It's a perfect example of why aspiring sec ppl should never listen to gurus, geniuses and net.gods . In the real world - in the trenches of corp infosec - if you're not famtastsing about punching someone in the face every day, either you're doing it wrong or... Well. That's it.
1
0
0
0