Description
Growing up before the Internet invaded everything, my discovery of computers in my teen years was akin to discovering and exploring a new hidden alien world. That shiny TRS-80 in my high school library was a magical portal of unlimited possibilities. I’m happy to say that that magic still tickles my brain. As I grew in knowledge and skill, I delved deeper into technology’s sorcerous mysteries: programming, dial-up communities, the Internet, hacking culture. It was here that I found IT security: the most engaging, most challenging, most thought-provoking aspect of computing. Security feels like a never-ending undersea duel between remote-controlled fleets of submarines during uncertain weather conditions.
Congratulations for choosing to work in IT security—doing combat engineering in the war zone of the Internet. It’s exciting and exacting work, where a single lapse can mean a hole that an invisible intruder can creep into. Security can also be the kind of work that not everyone appreciates. Much like airport security, IT security gets in the way, slows us down, and creates a hassle. Many people see security as overhead that apparently contributes nothing to revenue or growing the customer base.
Security defines its best successes to be when nothing happens. After a long period of these kinds of successes, an organization ponders whether you are necessary or not. Then you have to deal with the bothersome chore of justifying what you’ve done to an auditor and the budget axe.
When things do go wrong, many quickly accuse the security team of negligence and ineptitude. Breaches often end up as headlines, embarrassing the whole organization. IT security teams can be trotted out by their own organization as the scapegoats. All of this humiliation is suffered while knowing that the bad guys have outspent, outlasted, and outwitted you.
It’s not enough to discourage me, though. There is the thrill of the chase and arrest of the perpetrators. I’ve helped take down a tiny fraction of them, but that’s ancillary to what matters. What IT security does is protect privacy, bolster confidence, and keep vital systems up. It feels good to make critical systems more durable and predictable—and maybe knowing that you’ve deprived some creep of one less victim. I am energized by designing new systems and making them resilient in the face of a horde of attackers. There’s joy in digging deep and figuring out where the holes are, where the best place to bolster the defenses is, and then untangling all of this for the financial decision makers. It’s more compelling than all the puzzles and video games in the world. IT security is an interesting and challenging field, which rewards dedication and open-mindedness.