Programmer thinking of pivoting to security

envo

Expert Member
Joined
Jan 14, 2014
Messages
3,265
Reaction score
437
I've been programming for well over 20 years now; Front-end, Back-end, "Big Data", Web, SPA... you name it I've done it, even sys admin. I won't say programming will ever get boring for me, there's way too much to still sink my teeth into and want to dabble in. This has always been my hobby/passion in life.....but....

Doing this professionally has its downsides. I'm never left to just code. I'm always stuck with an impossible deadlines I have to meet with unclear instructions from clients or specs that change or meetings that could have been e-mails. That's just a given in the field, and doesn't bother me much, although the thorn in my side and the cause of most of the stress in my life at the end of the day.

Lately I've been thinking of pivoting to cyber security as that has always been an interest of mine as well, and have on many occasions, been given blank stares by peers when I do code review and find glaring security issues because no one bothers to keep an eye out for what nefarious people would/could do...

Wondering if it's a bad idea pivoting from programming to security and would love to hear some of the pitfalls/gripes some security specialists have out there. I'd would imagine doing a pen test and giving a report isn't going to change based on a spec from a client, nor would there be impossible deadlines set to make something work, and my hands would be free from a programming aspect when handing off these reports to those who would sit with these daily struggles to make their apps more secure.

My main goal is to do something new that I still love/have an interest in, while reducing stress from the constant BS in the programming field.
 
Sounds like CISSP or similar might work for you. Not many in South Africa I believe.
Check out www.cybrary.it
Check through all the security courses.
Research ones that have your attention.
Check exam availability in S.A. Cost etc.
 
I've been programming for well over 20 years now; Front-end, Back-end, "Big Data", Web, SPA... you name it I've done it, even sys admin. I won't say programming will ever get boring for me, there's way too much to still sink my teeth into and want to dabble in. This has always been my hobby/passion in life.....but....

Doing this professionally has its downsides. I'm never left to just code. I'm always stuck with an impossible deadlines I have to meet with unclear instructions from clients or specs that change or meetings that could have been e-mails. That's just a given in the field, and doesn't bother me much, although the thorn in my side and the cause of most of the stress in my life at the end of the day.

Lately I've been thinking of pivoting to cyber security as that has always been an interest of mine as well, and have on many occasions, been given blank stares by peers when I do code review and find glaring security issues because no one bothers to keep an eye out for what nefarious people would/could do...

Wondering if it's a bad idea pivoting from programming to security and would love to hear some of the pitfalls/gripes some security specialists have out there. I'd would imagine doing a pen test and giving a report isn't going to change based on a spec from a client, nor would there be impossible deadlines set to make something work, and my hands would be free from a programming aspect when handing off these reports to those who would sit with these daily struggles to make their apps more secure.

My main goal is to do something new that I still love/have an interest in, while reducing stress from the constant BS in the programming field.

While I have certainly experienced the above as a programmer, I have also noticed that it is mostly a company-culture/type-of-work thing.

In my last company I started off as 95% coding, but within a few years, it was probably around 70%, after a transition to management, it went down to 50%, and then after a few years of that, perhaps 10%.

An opportunity to move industries and also become a developer again came up. My concern was: Do I become a developer again? Is that a step backwards in my career?

They offered a lot more, so I took it. ;) Back to 95% coding for another 6 years or so, but now a bit more meetings, but still 75%+ coding. The key thing being that taking a more hands-on job at a better company turned out to get me everything I wanted: no pay cut, better work, and being distanced from the politics for quite a few more years. A lot of people remain in the tangle because they (ironically) worked hard and long to get there, and that experience wouldn’t directly translate to another company.
 
While I have certainly experienced the above as a programmer, I have also noticed that it is mostly a company-culture/type-of-work thing.

In my last company I started off as 95% coding, but within a few years, it was probably around 70%, after a transition to management, it went down to 50%, and then after a few years of that, perhaps 10%.

An opportunity to move industries and also become a developer again came up. My concern was: Do I become a developer again? Is that a step backwards in my career?

They offered a lot more, so I took it. ;) Back to 95% coding for another 6 years or so, but now a bit more meetings, but still 75%+ coding. The key thing being that taking a more hands-on job at a better company turned out to get me everything I wanted: no pay cut, better work, and being distanced from the politics for quite a few more years. A lot of people remain in the tangle because they (ironically) worked hard and long to get there, and that experience wouldn’t directly translate to another company.
I sort of agree with you, but it seems no matter what the intention of the company when they hire, it's 99% chance that I end up chasing sales/PM's/clients anyway and managing the manager regardless. I've worked in every industry imaginable, all the I.T stuff are the same (even world-wide, worked in Dubai / London / Australia). I tend to stay an average of 3 years. But since I hit the 40 milestone last week, I'm starting to wonder if an early grave is worth it or if I should just try do something else that won't mean programmer stress and nonsense I have to deal with.
 
A very tough pivot but have also considered doing so.
Look into CISSP and see how you get on there. Should give you a good idea if you have the aptitude for it.

Another forum member sent me a guide of things to look at when I mentioned this as well. I'll look for the message in my inbox tonight
 
A very tough pivot but have also considered doing so.
Look into CISSP and see how you get on there. Should give you a good idea if you have the aptitude for it.

Another forum member sent me a guide of things to look at when I mentioned this as well. I'll look for the message in my inbox tonight
Thanks, I do have an aptitude for it. When I get bored I compromise systems for fun and report the vulnerability to the owners. But I'd rather netflix and chill than do that after spending 10+ hours in-front of the PC changing yet another unmentioned "but why wasn't this done" business rule
 
I sort of agree with you, but it seems no matter what the intention of the company when they hire, it's 99% chance that I end up chasing sales/PM's/clients anyway and managing the manager regardless. I've worked in every industry imaginable, all the I.T stuff are the same (even world-wide, worked in Dubai / London / Australia). I tend to stay an average of 3 years. But since I hit the 40 milestone last week, I'm starting to wonder if an early grave is worth it or if I should just try do something else that won't mean programmer stress and nonsense I have to deal with.

Perhaps try the US (protip: wait for next president) next. :) My last two jobs (nearly 10 years each), really tried to keep tech talent focused on tech and not admin. They consciously recognize that it's a waste to take someone who excels in technology, and make them do other types of work - even if the person can do the work, it's usually still a net loss to the company.
 
Perhaps try the US (protip: wait for next president) next. :) My last two jobs (nearly 10 years each), really tried to keep tech talent focused on tech and not admin. They consciously recognize that it's a waste to take someone who excels in technology, and make them do other types of work - even if the person can do the work, it's usually still a net loss to the company.
At this point I'll endure the current president. Not desperate though, I've made a move recently, so looking to stick it out until I get my citizenship, which will then allow me to move more freely around the world (should have done it years ago). If 'murica is getting it right in that aspect, then why not.
 
I sort of agree with you, but it seems no matter what the intention of the company when they hire, it's 99% chance that I end up chasing sales/PM's/clients anyway and managing the manager regardless. I've worked in every industry imaginable, all the I.T stuff are the same (even world-wide, worked in Dubai / London / Australia). I tend to stay an average of 3 years. But since I hit the 40 milestone last week, I'm starting to wonder if an early grave is worth it or if I should just try do something else that won't mean programmer stress and nonsense I have to deal with.

Why not target a company that doesn’t have clients?

And I don’t mean a company that doesn’t have customers, I mean one where you develop for the company itself.

The culture is completely different in a business that is self serving as such.
 
Why not target a company that doesn’t have clients?

And I don’t mean a company that doesn’t have customers, I mean one where you develop for the company itself.

The culture is completely different in a business that is self serving as such.
In my current role, my team and myself are the clients. No sales, customers, PMs or managers. :) It does indeed make a huge difference. Perhaps a bit of a unicorn though.
 
In my current role, my team and myself are the clients. No sales, customers, PMs or managers. :) It does indeed make a huge difference. Perhaps a bit of a unicorn though.
Isn't that just a fancy way of being an employee?
Or are you guys suggesting he be a contractor/consultant?
If so, I wouldn't just stick to one company.
I know of specific developers that work as contractors and do consultation for a few businesses at a time.
If I had your knowledge, I wouldn't just stick to doing work for one company.
 
Isn't that just a fancy way of being an employee?
Or are you guys suggesting he be a contractor/consultant?
If so, I wouldn't just stick to one company.
I know of specific developers that work as contractors and do consultation for a few businesses at a time.
If I had your knowledge, I wouldn't just stick to doing work for one company.

Well, most software engineers have to deal with either sales, customers, PMs or managers, especially as they become more senior. It's pretty rare than one doesn't. Consultants and contractors by definition have to work with customers.

In my case, I've worked on very confidential IP for most of my career, so it has never been work that would be given to a contractor or anyone with competing or conflicting priorities. My current non-compete is 2 years.
 
Well, most software engineers have to deal with either sales, customers, PMs or managers, especially as they become more senior. It's pretty rare than one doesn't. Consultants and contractors by definition have to work with customers.

In my case, I've worked on very confidential IP for most of my career, so it has never been work that would be given to a contractor or anyone with competing or conflicting priorities. My current non-compete is 2 years.
Yep. I'm not suggesting or implying that software engineers/developers don't work with customers or any range of people you mentioned.
I'm in the lower bracket of the IT sphere and I've had to do the same for many years as well, albeit not at the level you do it.
I just resigned recently and I'm packing up my life and moving on.
3 years+ working for a place and I don't even get a "cheers" or "thanks" for any of it.
It's all about the money at the end of the day. Whether that's positive or negative depends on the circumstance.
In my case I've worked more than a year for less than half of my agreed salary. So believe me, I'm used to the bullshit that companies/employers spin at times.
 
Yep. I'm not suggesting or implying that software engineers/developers don't work with customers or any range of people you mentioned.
I'm in the lower bracket of the IT sphere and I've had to do the same for many years as well, albeit not at the level you do it.
I just resigned recently and I'm packing up my life and moving on.
3 years+ working for a place and I don't even get a "cheers" or "thanks" for any of it.
It's all about the money at the end of the day. Whether that's positive or negative depends on the circumstance.
In my case I've worked more than a year for less than half of my agreed salary. So believe me, I'm used to the bullshit that companies/employers spin at times.
Urgh. Sorry to hear that - best of luck for what comes next.
 
Sounds like CISSP or similar might work for you. Not many in South Africa I believe.
Check out www.cybrary.it
Check through all the security courses.
Research ones that have your attention.
Check exam availability in S.A. Cost etc.

I know 3-4 just off the top of my head - can't be all that rare, or I apparently am just part of a very elite club :D (I'm not in infosec nor do I hold a CISSP).
 
Top
Sign up to the MyBroadband newsletter
X