As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

IT Careers: Security or Developer?

I’m aggressively trying to narrow down a career path to follow, and so far I’m leaning between two types of IT-related paths: Cyber Security or Developer (haven’t quite pinned down what I would be a developer of). I wanted to ask some advice on the pros and cons of each, as well as any other information anyone can provide.

I’ve been trying to get that info elsewhere, and so far I’m leaning more towards the Developer side of things. It sounds like it would be more suited for me, as Network and Security is more about “going through the motions” in maintaining a network, while Developer-based jobs can potentially allow more unique and creative experiences. Anecdotally, it also sounds like it’s a lot harder to get into the Network side due to a more competitive market, though I’ve read a couple of opinions that the same applies to Developer.

I’m also trying to figure out how to get started in either. It seems that for Networking, you want to land an entry level Help Desk job right away, because it lets you get the experience bigger positions want while also learning on the job. As for Developer, it seems Programmer/Coding is the type of entry level job to start with, though it also sounds like it’s possible to enroll in a school that will also place you in a sponsored/contracted job to get both the exp and certs.

I’ve sat on my hands for too long about this, so I want to make a decision already. I’ll consider other paths I haven’t mentioned either, but I really want to narrow things down to what I should do, what do I need to get there and how do I get started.

«1

Posts

  • DjeetDjeet Registered User regular
    edited February 2018
    I'm in the sysadmin/netadmin or "security" side. I do not "go through the motions", nor do any of my colleagues. Sometimes there are slow times, and a few times I've come in Friday morning and didn't leave til Monday. I often have to leave what I'm trying to work on to put out someone else's fire. There are often crunch times for developers and your non-developer IT staff typically needs to be involved. If they are trying to get a build out and the source control server, or build machine, or email server is unavailable at 3AM then I get a call and may have to go in. I've only worked at start-ups or small companies. Larger organizations may have better time scheduling. I spend a fair amount of time developing documentation or emails regarding processes, which was not something I expected going into IT.

    Be aware that as a developer you're not going to have much creative input until you've a decent amount of experience. From my observations developers spend about 90%+ of their time fixing or elsewise managing existing poorly documented code.

    From your post history, are you just spit-balling again? Cause the most important step is just to make a decision and do something, like literally anything. You can be quite successful in either the sysadmin role or the developer role, and you're going to have to grind, a lot, in either to get anywhere.

    Edit: You may want to post this to the main threads in Moe's. There are big ones for developers and sysadmins individually.

    Djeet on
  • [Michael][Michael] Registered User regular
    Cyber Security or networking are definitely not "going through the motions" type jobs. Both security and developer jobs are in relatively high demand right now, security moreso. There was a recent article saying that by 2021 there will be 3.5 million unfilled cyber security jobs.

    I can really only give advice on the path to becoming a developer. There's basically coding boot-camps, self-taught learning, or university. I wouldn't recommend boot-camps. Anecdotally, I haven't heard positive experiences from them, and their published statistics tend to be misleading. Additionally, developer certs aren't typically very important or relevant. Definitely not the first thing to shoot for, anyhow. Self-taught is a legitimate route, but it's tough, and you're still going to be at a disadvantage to those who get a degree. We talked about this recently in the programming thread Djeet mentioned.

    All the routes are a lot of work. University has the advantage of being the easiest way in once you're done, and you can always switch majors if it's not your cup of tea. The IT industry tends to be lucrative enough that it's worth the investment. It's a biiig commitment that requires you to follow through, though!

    I went to school, did an internship, got hired as a full-time developer while still finishing the last year and a half of school and have been happily employed since (coming up on 3 years post-graduation). It took a decent amount of student loans to get through, but by graduation, I was in a muuuch better place financially than I was before.

  • MadpoetMadpoet Registered User regular
    Having spent 10 years in IT and 7 as a dev, fuck IT with a chainsaw. If you do well, nobody knows you're there, and when something goes wrong it's your fault. You start out super low on the food chain, and it takes years of boring help desk work to get to an interesting position. Which may never come, since the owner's nephew is totally a wiz with computers...
    As a dev? My last job nicknamed me The Wizard. Muggles are in awe of what I can provide for them. In theory users should be telling me what they want me to build, but in reality they don't want to make decisions, so they're easy to nudge in the directions I want to go. Pay doubled in the first few years I was in the industry and is steadily climbing. And I can get in at 10am instead of 8, since there's rarely anything on fire in the morning.
    I used my IT skills to leverage my way into the industry, so it's not a route anyone can do. But "I can run your servers AND code internal tools" is really attractive to certain businesses.

  • bowenbowen How you doin'? Registered User regular
    I’m aggressively trying to narrow down a career path to follow, and so far I’m leaning between two types of IT-related paths: Cyber Security or Developer (haven’t quite pinned down what I would be a developer of). I wanted to ask some advice on the pros and cons of each, as well as any other information anyone can provide.

    I’ve been trying to get that info elsewhere, and so far I’m leaning more towards the Developer side of things. It sounds like it would be more suited for me, as Network and Security is more about “going through the motions” in maintaining a network, while Developer-based jobs can potentially allow more unique and creative experiences. Anecdotally, it also sounds like it’s a lot harder to get into the Network side due to a more competitive market, though I’ve read a couple of opinions that the same applies to Developer.

    I’m also trying to figure out how to get started in either. It seems that for Networking, you want to land an entry level Help Desk job right away, because it lets you get the experience bigger positions want while also learning on the job. As for Developer, it seems Programmer/Coding is the type of entry level job to start with, though it also sounds like it’s possible to enroll in a school that will also place you in a sponsored/contracted job to get both the exp and certs.

    I’ve sat on my hands for too long about this, so I want to make a decision already. I’ll consider other paths I haven’t mentioned either, but I really want to narrow things down to what I should do, what do I need to get there and how do I get started.

    You will need a 2 or 4 year degree for entry level in either of those fields. The days of just getting an entry level position and working your way up to network security or software developer are gone.

    There aren't really certs for programming. There are coding workshops and all that, but at the best you will be able to expect a $12 an hour job. There are certs for system admin and network security, sure, but, these jobs are highly competitive and people with degrees already have those certs too.

    Do you have a degree currently?

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    There seems to be an assumption here that cybersecurity and networking are interchangeable.

    It's true that a lot of networking people grow into cybersecurity, but they are different specialties with different skillsets.

    Cybersecurity can (and often does) involve mild software development skills. It's not uncommon for penetration testers to compile proof-of-concepts for exploits, or to modify and recompile a known exploit to target a specific environment.

    There are also developers who focus specifically on security, by looking for exploits in code.

    I've been seeing a lot more recent graduates coming out of cybersecurity-specific educational programs where they spent more time playing with Metasploit and Kali and less time tinkering with routers and switches.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • EchoEcho ski-bap ba-dapModerator mod
    Feral wrote: »
    Cybersecurity can (and often does) involve mild software development skills. It's not uncommon for penetration testers to compile proof-of-concepts for exploits, or to modify and recompile a known exploit to target a specific environment.

    There are also developers who focus specifically on security, by looking for exploits in code.

    I work as a developer in IT security and I don't do the actual security bits (...yet, I've spotted a fair share of exploitable stuff I've passed on), but 100% this. The best way to do a proof of concept for an exploit is to code something up that does it, not just writing a list of instructions.

  • bowenbowen How you doin'? Registered User regular
    Also there's not a whole lot of creativity in IT fields.

    For software development... yes we think up solutions and create them, they're math heavy (specifically algebra) and it's not really much different than solving algebra word problems. Sometimes you create UI but that's rareish, sometimes not the main focus, and more oriented towards UI developers specifically (which is a field that's almost half artist, half developer). Your other thread said you were looking for creative fields, and you hinted at it here too, so you might not be looking at the right fields for what you actually want.

    I don't know how to say this politely but your other threads show lack of following through on things, which is going to be a huge detriment in IT as a whole. A lot of IT deals with emergency situations, so you might want to actively avoid it if you're looking for creative. And if you are the type to start something and not finish it you're going to find it tiring and frustrating and it's probably not the field for you.

    You also mentioned in the previous thread you want to create something that lasts and have recognition, but I'll be honest very few people actually get that out of life, and this is going to follow up with your anxiety stuff you mentioned not too long ago and I think you actually have larger life problems you might need to deal with here that piecemealing solutions might not be able to accomplish.

    I'm making some assumptions though, which I have a habit of doing for better or worse. My question to you is what's your end goal here? What do you want and need and why do you think IT/Software is going to solve that for you?

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Professor SnugglesworthProfessor Snugglesworth Registered User regular
    Apologies for the large multi-quote string, couldn't respond while at work.
    Djeet wrote: »
    I'm in the sysadmin/netadmin or "security" side. I do not "go through the motions", nor do any of my colleagues. Sometimes there are slow times, and a few times I've come in Friday morning and didn't leave til Monday.

    You mean...you worked the whole weekend and then some? Is that normal for that kind of profession?
    From your post history, are you just spit-balling again? Cause the most important step is just to make a decision and do something, like literally anything. You can be quite successful in either the sysadmin role or the developer role, and you're going to have to grind, a lot, in either to get anywhere.

    Not spit-balling. As I said, I'm being more aggressive in making a decision, as I've spent too much time (basically a whole year) sitting on my hands. So far these are the two fields I've narrowed it down to, but I still have a lot of information that I need and I could wind up doing something else entirely. Again, trying to narrow my choices down, because I want to make a decision quick and I'm frankly bored of my current job. But I still need to be mostly certain before I jump into something.
    Madpoet wrote: »
    Having spent 10 years in IT and 7 as a dev, fuck IT with a chainsaw. If you do well, nobody knows you're there, and when something goes wrong it's your fault. You start out super low on the food chain, and it takes years of boring help desk work to get to an interesting position. Which may never come, since the owner's nephew is totally a wiz with computers...
    As a dev? My last job nicknamed me The Wizard. Muggles are in awe of what I can provide for them. In theory users should be telling me what they want me to build, but in reality they don't want to make decisions, so they're easy to nudge in the directions I want to go. Pay doubled in the first few years I was in the industry and is steadily climbing. And I can get in at 10am instead of 8, since there's rarely anything on fire in the morning.
    I used my IT skills to leverage my way into the industry, so it's not a route anyone can do. But "I can run your servers AND code internal tools" is really attractive to certain businesses.

    This here's part of the problem (not you specifically). I'm still getting conflicting information that hasn't made it any easier to choose. Some opinions praise the Network/Security side while also saying Developer is a tedious nightmare, and vice versa.
    bowen wrote: »
    I’m aggressively trying to narrow down a career path to follow, and so far I’m leaning between two types of IT-related paths: Cyber Security or Developer (haven’t quite pinned down what I would be a developer of). I wanted to ask some advice on the pros and cons of each, as well as any other information anyone can provide.

    I’ve been trying to get that info elsewhere, and so far I’m leaning more towards the Developer side of things. It sounds like it would be more suited for me, as Network and Security is more about “going through the motions” in maintaining a network, while Developer-based jobs can potentially allow more unique and creative experiences. Anecdotally, it also sounds like it’s a lot harder to get into the Network side due to a more competitive market, though I’ve read a couple of opinions that the same applies to Developer.

    I’m also trying to figure out how to get started in either. It seems that for Networking, you want to land an entry level Help Desk job right away, because it lets you get the experience bigger positions want while also learning on the job. As for Developer, it seems Programmer/Coding is the type of entry level job to start with, though it also sounds like it’s possible to enroll in a school that will also place you in a sponsored/contracted job to get both the exp and certs.

    I’ve sat on my hands for too long about this, so I want to make a decision already. I’ll consider other paths I haven’t mentioned either, but I really want to narrow things down to what I should do, what do I need to get there and how do I get started.

    You will need a 2 or 4 year degree for entry level in either of those fields. The days of just getting an entry level position and working your way up to network security or software developer are gone.

    There aren't really certs for programming. There are coding workshops and all that, but at the best you will be able to expect a $12 an hour job. There are certs for system admin and network security, sure, but, these jobs are highly competitive and people with degrees already have those certs too.

    Do you have a degree currently?

    Majority of folks have said something similar, in that there's no real reason to go to school for either of these. There's a lot of online material out there, and it seems companies prefer a solid portfolio and experience under your belt. Which is why when I do decide which field to focus on, I also have to know which of the skills and/or certs are essential (this is something I'm also seeing people argue about at length. One person says CompTIA+ is a must, another will say it's outdated).

    I have a BA in Criminal Justice, which probably has no bearing on any of this whatsoever.
    bowen wrote: »
    Also there's not a whole lot of creativity in IT fields.

    For software development... yes we think up solutions and create them, they're math heavy (specifically algebra) and it's not really much different than solving algebra word problems. Sometimes you create UI but that's rareish, sometimes not the main focus, and more oriented towards UI developers specifically (which is a field that's almost half artist, half developer). Your other thread said you were looking for creative fields, and you hinted at it here too, so you might not be looking at the right fields for what you actually want.

    I don't know how to say this politely but your other threads show lack of following through on things, which is going to be a huge detriment in IT as a whole. A lot of IT deals with emergency situations, so you might want to actively avoid it if you're looking for creative. And if you are the type to start something and not finish it you're going to find it tiring and frustrating and it's probably not the field for you.

    You also mentioned in the previous thread you want to create something that lasts and have recognition, but I'll be honest very few people actually get that out of life, and this is going to follow up with your anxiety stuff you mentioned not too long ago and I think you actually have larger life problems you might need to deal with here that piecemealing solutions might not be able to accomplish.

    I'm making some assumptions though, which I have a habit of doing for better or worse. My question to you is what's your end goal here? What do you want and need and why do you think IT/Software is going to solve that for you?

    I am admittedly using the word "creative" rather loosely. I'm basically referring to a job where I'm not just doing the same thing over and over, like in my current job. I have a specific itinerary: I check on employees, I check on A/V equipment, I jot down what's working and what needs fixing. Rinse and repeat.

    I would at least like a long-term profession where there's a bit more variety, and any situation where I can put a personal spin on that would be what I count as "creative". That being said this is also way below my priorities for a career. To answer your other question, the things I want are job security, job availability and a good salary. On a personal level, I would also like to be good at the job, i.e. not struggling and messing up constantly, which is why I'm now shying from the Developer side due to reports about the heavy amounts of coding.

    But again, still gathering that info. But I think I'm getting closer.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Apologies for the large multi-quote string, couldn't respond while at work.
    Djeet wrote: »
    I'm in the sysadmin/netadmin or "security" side. I do not "go through the motions", nor do any of my colleagues. Sometimes there are slow times, and a few times I've come in Friday morning and didn't leave til Monday.

    You mean...you worked the whole weekend and then some? Is that normal for that kind of profession?

    For network administration or system administration? Yes. Long hours and unusual hours are required.

    A good company will try to make sure your weekend & night work is scheduled well in advance, and will provide you overtime or comp time in return for your long hours.

    Most companies will try to do that, but they don't always succeed. There will be occasions when a server outage drags you into the office unexpectedly, or an unusual problem that should only take 1 hour to fix ends up taking 6. Ideally those instances should be rare, but they still happen.

    But even in the best of situations, you're still going to need to do server or network maintenance, and that's usually easier done at night.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    I would at least like a long-term profession where there's a bit more variety, and any situation where I can put a personal spin on that would be what I count as "creative". That being said this is also way below my priorities for a career. To answer your other question, the things I want are job security, job availability and a good salary. On a personal level, I would also like to be good at the job, i.e. not struggling and messing up constantly, which is why I'm now shying from the Developer side due to reports about the heavy amounts of coding.

    Coding is the future.

    System administration is slowly turning into "devops," where instead of deploying servers yourself, you write code or scripts to deploy servers for you. This way one skilled technician can deploy 10 or 100 servers at a time.

    Network administration is slowly turning into "software-defined networking," where instead of deploying networks yourself, you write code or scripts to deploy networks for you. This way one skilled technician can handle a network with 10 or 100 times the size and complexity than they could in the past.

    The old ways of doing things aren't going extinct. However, the growth of these pseudodeveloper jobs is outpacing traditional network/server administration by a significant margin.

    And even now, in traditional network & server administration, a tech who is competent in scripting will run circles around a tech who is not.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • schussschuss Registered User regular
    Even devs will often work weekends or nights if production is on fire. The start is honestly dev, as you need coding skills to do both security and sysadmin well. If you dislike routine, you may be disappointed, as a lot of coding is sticking classic patterns together in different ways.
    Only potential shortcut is a coding bootcamp with strong company connections, but that's expensive and you'll need to be top of the class after 3 months of 10-12 hour days 7 days a week to get a good offer.

  • RadiationRadiation Registered User regular
    BA with Criminal Justice would make a pretty good Cybersecurity backing if you were interested in the Law enforcement side of things.

    PSN: jfrofl
  • Professor SnugglesworthProfessor Snugglesworth Registered User regular
    Radiation wrote: »
    BA with Criminal Justice would make a pretty good Cybersecurity backing if you were interested in the Law enforcement side of things.

    I was thinking the same. It would be nice to still have a government job (lots of paid vacations and benefits) that paid significantly more.

    I’ve yet to find out if getting into Cybersecurity is the same as Networking. I really need to find out which skills and/or certs I should start learning that will actually increase my odds of landing a job.

  • Gilbert0Gilbert0 North of SeattleRegistered User regular
    I think you took the opposite @Bowen's point. You need a 2 or 4 year degree first. A degree in the discipline your trying to get into. In this case it's an IT diploma or a 4 year Computer Science degree. You can't (normally) take a Criminal Justice degree to a developer. Especially for Government work. The job requirements are typically like:

    - 4 year degree w/ 2 years experience
    OR 2 year degree w/ 4 years experience
    OR 6 years experience

    So if you have no degree and no experience, they (typically) won't hire you. Not saying they won't but it's VERY unlikely.

    Personally, try to look at job postings now. See what their requirements are. Do they want a degree? Do they want a Microsoft Certificate? Do they want Industry cert or courses (like SANS courses).

    But almost every option is spending lots of $$$.

  • bowenbowen How you doin'? Registered User regular
    bowen wrote: »
    I’m aggressively trying to narrow down a career path to follow, and so far I’m leaning between two types of IT-related paths: Cyber Security or Developer (haven’t quite pinned down what I would be a developer of). I wanted to ask some advice on the pros and cons of each, as well as any other information anyone can provide.

    I’ve been trying to get that info elsewhere, and so far I’m leaning more towards the Developer side of things. It sounds like it would be more suited for me, as Network and Security is more about “going through the motions” in maintaining a network, while Developer-based jobs can potentially allow more unique and creative experiences. Anecdotally, it also sounds like it’s a lot harder to get into the Network side due to a more competitive market, though I’ve read a couple of opinions that the same applies to Developer.

    I’m also trying to figure out how to get started in either. It seems that for Networking, you want to land an entry level Help Desk job right away, because it lets you get the experience bigger positions want while also learning on the job. As for Developer, it seems Programmer/Coding is the type of entry level job to start with, though it also sounds like it’s possible to enroll in a school that will also place you in a sponsored/contracted job to get both the exp and certs.

    I’ve sat on my hands for too long about this, so I want to make a decision already. I’ll consider other paths I haven’t mentioned either, but I really want to narrow things down to what I should do, what do I need to get there and how do I get started.

    You will need a 2 or 4 year degree for entry level in either of those fields. The days of just getting an entry level position and working your way up to network security or software developer are gone.

    There aren't really certs for programming. There are coding workshops and all that, but at the best you will be able to expect a $12 an hour job. There are certs for system admin and network security, sure, but, these jobs are highly competitive and people with degrees already have those certs too.

    Do you have a degree currently?

    Majority of folks have said something similar, in that there's no real reason to go to school for either of these. There's a lot of online material out there, and it seems companies prefer a solid portfolio and experience under your belt. Which is why when I do decide which field to focus on, I also have to know which of the skills and/or certs are essential (this is something I'm also seeing people argue about at length. One person says CompTIA+ is a must, another will say it's outdated).

    I have a BA in Criminal Justice, which probably has no bearing on any of this whatsoever.
    bowen wrote: »
    Also there's not a whole lot of creativity in IT fields.

    For software development... yes we think up solutions and create them, they're math heavy (specifically algebra) and it's not really much different than solving algebra word problems. Sometimes you create UI but that's rareish, sometimes not the main focus, and more oriented towards UI developers specifically (which is a field that's almost half artist, half developer). Your other thread said you were looking for creative fields, and you hinted at it here too, so you might not be looking at the right fields for what you actually want.

    I don't know how to say this politely but your other threads show lack of following through on things, which is going to be a huge detriment in IT as a whole. A lot of IT deals with emergency situations, so you might want to actively avoid it if you're looking for creative. And if you are the type to start something and not finish it you're going to find it tiring and frustrating and it's probably not the field for you.

    You also mentioned in the previous thread you want to create something that lasts and have recognition, but I'll be honest very few people actually get that out of life, and this is going to follow up with your anxiety stuff you mentioned not too long ago and I think you actually have larger life problems you might need to deal with here that piecemealing solutions might not be able to accomplish.

    I'm making some assumptions though, which I have a habit of doing for better or worse. My question to you is what's your end goal here? What do you want and need and why do you think IT/Software is going to solve that for you?

    I am admittedly using the word "creative" rather loosely. I'm basically referring to a job where I'm not just doing the same thing over and over, like in my current job. I have a specific itinerary: I check on employees, I check on A/V equipment, I jot down what's working and what needs fixing. Rinse and repeat.

    I would at least like a long-term profession where there's a bit more variety, and any situation where I can put a personal spin on that would be what I count as "creative". That being said this is also way below my priorities for a career. To answer your other question, the things I want are job security, job availability and a good salary. On a personal level, I would also like to be good at the job, i.e. not struggling and messing up constantly, which is why I'm now shying from the Developer side due to reports about the heavy amounts of coding.

    But again, still gathering that info. But I think I'm getting closer.

    Yeah you probably aren't going to see a job in IT with just certificates anymore. Early 2000s? Yes. 2018? No. It's much too competitive. You don't bring anything over the guy who has a 4 year bachelors in comp sci who also has those certificates. It's not impossible, but you'll be "the IT guy", because you'll be putting on many hats and working for a smaller business.

    A lot of jobs follow that format. It's best not to set your sights too high I guess, and make you think the grass is greener because software developers and devops are the new hotness. A lot of software development is bugfixes, tickets, and straight coding. Developers don't really get involved in new big projects too often, maybe a few side utilities. Even working for a large software vendor you'll often find yourself, especially first starting out, in the weeds of debugging and bugfixes. You can match a lot of that workflow up with what you do currently. IT isn't much different, check on servers, deal with trouble tickets, deploy updates and upgrades (change as appropriate for your specialization).

    Most jobs are mundane. Anything outside of the creative wheelhouse of R&D or art is probably going to be boring as fuck and I don't think it's going to be fulfilling to you in that way.

    There's only so many people that can work on the new hot things, and they come with a lot of career volatility too (you mentioned you like job security).

    Bugfixing a faxserver and figuring out why TIFFs aren't generating from fax data isn't going to make you notable, for instance.

    I don't want you to do a huge career switch and hate it, managers might not write code, but most lead software developers do.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Inquisitor77Inquisitor77 2 x Penny Arcade Fight Club Champion A fixed point in space and timeRegistered User regular
    "Creative" jobs in the software development field are exceedingly rare and incredibly biased towards the ends of the compensation spectrum, much like any other "creative" job. Basically a company does not need 15 different idea people or UI people. They need one person with a coherent vision that can get stakeholder buy-in, and then a bunch of low-level people who do tasks like research and testing and interviews. Even in massive companies like Apple and Google the hierarchy for design has essentially one person per product with a ton of grunts under them doing "boring" shit and not figuring out how to make the new iPhone.

    Both software development and IT security are massive, massive fields with a ton of different job roles and tasks. A FORTRAN coder who works for a financial firm will make a ton of money working ridiculous hours trying to find ways to shorten the amount of time it takes to send and process transactions by literal microseconds has a very different job and a very different day-to-day with a very different experience and very different creative outlets than someone who has to manage the data storage architecture for a small healthcare provider that needs to stay up to date with the latest HIPAA and HITEC compliance rules. And these jobs are different still from a dev who has to build an internal employee application for an insurance company to calculate premiums.

    And I didn't even mention IT, which is actually even more varied than software development because you can't even rely on a fundamental understanding of basic coding logic across fields/languages like you can with programmers. There are IT people whose only job is to set up hardware for employees. There are IT people who spend all day trying to break into systems or write scripts or read code looking for exploits. There are even IT people who have to physically travel across the country constantly to check server racks or cable hookups.

    There is no answer for what you are asking, because what you are asking for is certainty. No one knows what you will actually like doing. No one knows what is best suited to your skill set. No one knows the jobs or opportunities you will be offered, the environments you will be working in, or the company cultures you will encounter. Most importantly, we aren't you.

    My recommendation would be to sit down and actually try to perform a task. If you want to try coding, go code something and see how you like it. If you want to set up networks than go screw around with your home's. If you want to be a hacker than go start hacking. Take a lesson from Macy's - if you want to know whether something is a good fit then try it on and find out.

    If you find something doesn't quite feel right, then cross it off the list and move on to something else.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    edited February 2018
    Networking and cybersecurity are overlapping, but not equivalent, skillsets.

    I literally just rejected an applicant who was a stellar cybersecurity candidate because he didn't have enough networking knowledge. It broke my heart, he was an excellent interviewee. His skillset just wasn't a good fit for the system administration position we were trying to fill.

    There are security-specific educational programs and certifications out there. CompTIA Security+, SANS GIAC, and Certified Ethical Hacker are a few examples.

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • DjeetDjeet Registered User regular
    edited February 2018
    Apologies for the large multi-quote string, couldn't respond while at work.
    Djeet wrote: »
    I'm in the sysadmin/netadmin or "security" side. I do not "go through the motions", nor do any of my colleagues. Sometimes there are slow times, and a few times I've come in Friday morning and didn't leave til Monday.

    You mean...you worked the whole weekend and then some? Is that normal for that kind of profession?

    Yes, I'd say I put in 35+ hours that F-M. Start up Co. Email database corruption. Mission critical service. No backup, meaning I was on my own. They would not tolerate restore from previous week. I didn't know what a jet log was, and had never heard of eseutil. This was awhile back E5.5, and I think most orgs use hosted exchange now.

    Is it normal? I don't know. I've only worked in small houses. Never more than 50. I would think in a large org you'd have someone to back you up.

    And I don't mean this as a downer. I learned so much, so quickly by being thrown into that environment. I think it beat every boot camp or degree out there at the time. I don't know how it works nowadays for your entry-level IT support/admin.


    Edit: Also, pretty much every developer works more hours than I do. My "developing" is PHP and other scripts.

    Djeet on
  • EchoEcho ski-bap ba-dapModerator mod
    schuss wrote: »
    Even devs will often work weekends or nights if production is on fire. The start is honestly dev, as you need coding skills to do both security and sysadmin well. If you dislike routine, you may be disappointed, as a lot of coding is sticking classic patterns together in different ways.

    Yeah, even as a developer it's on me to configure and set up the environments the services I write will run in. It's not a whole lot of stuff, because Docker is pretty great, but still.

  • JasconiusJasconius sword criminal mad onlineRegistered User regular
    edited February 2018
    A majority of developer jobs are "going through the motions". Unless you're passionate, motivated, and talented, you can expect a > 90% chance that your career as a software developer will pay decently, be extremely mundane, and occasionally demand too many hours

    If you don't want to do "the same thing over and over again", you're going to have to get acquainted with how your definition of the "same thing" maps on to development... in my experience, most people do get shoehorned into roles where they're basically re-applying their pocket of knowledge to slightly different problems. Like a carpenter who makes shelves.. is it the "same thing" if you make the same shelf with a different type of wood, or paint it a different color? As a developer, expect to make the same fucking shelf with different paint all the time. How interesting you can make that for yourself really depends on you



    I've never worked in security but I've met and spoken professionally with people who have, and I think at certain levels the job can be a little more interesting. Especially if you're doing like frontline blackhat defense, you're going to seeing a lot more rotation in what's on your plate as threats evolve

    Contrast this against a software developer who usually establishes an expertise and hangs their hat on it for years at a time.

    Jasconius on
  • DarkewolfeDarkewolfe Registered User regular
    In a large org you're going to work extra hours too. It is simply a function of current, American IT that the standard work week is really 50+ hours. There are certainly exceptions but they're exceptions.

    What is this I don't even.
  • DarkewolfeDarkewolfe Registered User regular
    As far as security goes, unless it's an IA documentation or auditing job, which means boring and repetitive as fuck, I won't hire a "cyber security" person who hasn't had a previous IT role applying the related skills in a different capacity. Security is mostly being so good at an IT function that you can think about vulnerabilities related to your field.

    What is this I don't even.
  • Giggles_FunsworthGiggles_Funsworth Blight on Discourse Bay Area SprawlRegistered User regular
    It's best to think of security as a layer on top of one of several IT disciplines. You can't really just go into security without more general experience. If you have the opportunity to work as a developer first for at least a few years before pivoting into some kind of appsec role that's generally what I recommend to people.

  • Giggles_FunsworthGiggles_Funsworth Blight on Discourse Bay Area SprawlRegistered User regular
    Feral wrote: »
    Networking and cybersecurity are overlapping, but not equivalent, skillsets.

    I literally just rejected an applicant who was a stellar cybersecurity candidate because he didn't have enough networking knowledge. It broke my heart, he was an excellent interviewee. His skillset just wasn't a good fit for the system administration position we were trying to fill.

    There are security-specific educational programs and certifications out there. CompTIA Security+, SANS GIAC, and Certified Ethical Hacker are a few examples.

    I'd recommend the OSCP over all of these. It's offensive focused but a lot more comprehensive an hands on.

  • SmrtnikSmrtnik job boli zub Registered User regular
    Check https://www.usajobs.gov/Search/? for federal jobs in dev/it/ia.

    At my location, starting salaries for bachelor degrees in those roles is in the 70k range, with good benefits and leave, and we are hiring. Even if you don't meet the criteria, you'll at least know what the criteria are. You'll never make silicon valley type money with the feds but it's quite stable (other than for Congressional shenanigans every once in a while).

    steam_sig.png
  • DarkewolfeDarkewolfe Registered User regular
    Feral wrote: »
    Networking and cybersecurity are overlapping, but not equivalent, skillsets.

    I literally just rejected an applicant who was a stellar cybersecurity candidate because he didn't have enough networking knowledge. It broke my heart, he was an excellent interviewee. His skillset just wasn't a good fit for the system administration position we were trying to fill.

    There are security-specific educational programs and certifications out there. CompTIA Security+, SANS GIAC, and Certified Ethical Hacker are a few examples.

    I'd recommend the OSCP over all of these. It's offensive focused but a lot more comprehensive an hands on.

    A candidate with the OSCP would impress the hell out of me, but hilariously wouldn't meet some bureaucratic requirements for some of the large orgs I work for. The OSCP is "impress an actual IT person" while the other certs are "get past an HR or org checkpoint."

    What is this I don't even.
  • Giggles_FunsworthGiggles_Funsworth Blight on Discourse Bay Area SprawlRegistered User regular
    Darkewolfe wrote: »
    Feral wrote: »
    Networking and cybersecurity are overlapping, but not equivalent, skillsets.

    I literally just rejected an applicant who was a stellar cybersecurity candidate because he didn't have enough networking knowledge. It broke my heart, he was an excellent interviewee. His skillset just wasn't a good fit for the system administration position we were trying to fill.

    There are security-specific educational programs and certifications out there. CompTIA Security+, SANS GIAC, and Certified Ethical Hacker are a few examples.

    I'd recommend the OSCP over all of these. It's offensive focused but a lot more comprehensive an hands on.

    A candidate with the OSCP would impress the hell out of me, but hilariously wouldn't meet some bureaucratic requirements for some of the large orgs I work for. The OSCP is "impress an actual IT person" while the other certs are "get past an HR or org checkpoint."

    Yeah. I generally tend to ignore large orgs because their pay isn't as good, and if I'm actually applying to a large one it's because I've already networked my way inside via convention friends, etc. (which I also recommend and isn't too hard if you're planning for a few years out).

  • SmurphSmurph Registered User regular
    Other people have correctly pointed out that you're unlikely to get an IT or dev job with an unrelated degree and no experience. Even if you teach yourself Python or get certs or something on your own, it's an uphill battle because you're making it your employer's job to teach you *everything else*. Or more specifically, you're making your employer take one of their more experienced devs and assign them to you as a mentor, so they are now spending valuable hours teaching the new guy everything instead of doing their actual job and why didn't we just hire someone with a CS degree again?

    One possibility is to try to find a job as a software tester. Usually they want these people to have CS or IT degrees too, but I think you have a better chance at these jobs than entry level dev or IT jobs since they are often seen as less desirable. Testers that apply themselves can learn enough coding to be dangerous, and more importantly they become experts on the products they are testing. At that point if you still want to be a developer, you're a lot closer to making that a reality.

    If you have the ability to go through a 4 year CS degree program, that gives you the highest chance of success by far imo.

  • EclecticGrooveEclecticGroove Registered User regular
    I wouldn't say you are not going to find a job with an unrelated degree, but you are not going to find much but the lowest of low entry level jobs if you don't have anything to show in a technical field.

    If you know what you are doing you can grab some certs that can be put on your resume to make things slightly better... but until you build up work experience you are going to have to put in time at the bottom before you have any chance at all to work up to an actual job you might be interested in.

  • 3lwap03lwap0 Registered User regular
    Howdy @Professor Snugglesworth . I do professional cyber security, in a big fancy place with a big fancy name. We primarily do professional blue teaming, but my team dabbles in exploits and vulnerability research to augment the blue teaming aspect. I don't wanna toot the horn too hard here, but I've 'made it'. There are maybe 10 places on earth that compare to what we do. My advice is purely that though - advice. You do you.

    When you say 'Cyber Security' you're really discussing a very vast and wide career workforce, who have a very large set of skills, not all of which is applicable to all of the roles within the profession. Maybe you help the business craft policies to make things more secure. Maybe you do "AppSec" like @Echo might do, and help developers shore up their code to be more secure and less prone to vulnerabilities. Both of the things I described require different technical and soft skills. It's just a vast career field, man.

    What you've described to me, at least by what you perceive the career to be is, is a Security Operations Center (or SOC) person. You're not the 'help desk'. You don't do IT per say. You're bolted into the infrastructure of company, looking at logs, and working with tools to sift through data like a gold miner, and finding nuggets that may help you find some bad people or bad things on your network. You might have to get savvy on those tools to optimize them so they suck less. You'll have to learn the network and all it's data flows. It's as entry level as the gig can get, and could be right up your alley if that's what you want. You might have some long weekends and nights, or shift work maybe, if the hackers are wrecking your shit. You are the fire department - and it's your job to stop and put those fires out. To get a job like that you need a bare minimum of understanding of TCP/IP, OSI Model type stuff, and be literate in all the security verbs and nouns. Do you need to code? It wouldn't hurt to know some code - but it's not an initial requirement. Certifications are your gateway into this. Look at the Security+, CEH, or SANS courses to help along your way. Find your local area InfoSec meet ups, drink beers with them, and network, and you'll get in eventually.

    The OSCP is a very advanced cert. It crushes hopes and dreams. Don't do it yet, unless you're secretly some bad-ass. If your security fundamentals aren't sound, that test will hurt ya. I'd wait.

  • RadiationRadiation Registered User regular
    To that, if you were to do Security Ops stuff, I'd suggest Net+ in addition to the Security+ and start getting smart on wireshark.

    PSN: jfrofl
  • 3lwap03lwap0 Registered User regular
    Radiation wrote: »
    To that, if you were to do Security Ops stuff, I'd suggest Net+ in addition to the Security+ and start getting smart on wireshark.

    Agree! Understanding basic networking is vital. Protocols, DNS, etc., - All of this is vital to being good at networking monitoring and security.

  • schussschuss Registered User regular
    Smurph wrote: »
    Other people have correctly pointed out that you're unlikely to get an IT or dev job with an unrelated degree and no experience. Even if you teach yourself Python or get certs or something on your own, it's an uphill battle because you're making it your employer's job to teach you *everything else*. Or more specifically, you're making your employer take one of their more experienced devs and assign them to you as a mentor, so they are now spending valuable hours teaching the new guy everything instead of doing their actual job and why didn't we just hire someone with a CS degree again?

    One possibility is to try to find a job as a software tester. Usually they want these people to have CS or IT degrees too, but I think you have a better chance at these jobs than entry level dev or IT jobs since they are often seen as less desirable. Testers that apply themselves can learn enough coding to be dangerous, and more importantly they become experts on the products they are testing. At that point if you still want to be a developer, you're a lot closer to making that a reality.

    If you have the ability to go through a 4 year CS degree program, that gives you the highest chance of success by far imo.

    Testing jobs are going away in a lot of places with agile+CICD pipelines with automated testing. Also the general challenge of finding people who are good at creating and maintaining test suites. Beyond that, the more rote stuff is in India or similar spots these days as you can get 5-10 testers there for the price of one here.

  • Professor SnugglesworthProfessor Snugglesworth Registered User regular
    @3lwap0 Thanks a lot for the info.

    I’ve got a four day weekend coming up, so I want to take that time to start looking at some guides/tutorials for this field. Still not sure exactly where I want to fall under, but I would like to at least learn the beginner stuff that can be carried over to any of the paths I’m looking at.

    Could I get some handy online guides to look at? I know about Pluralsights (needs a trial) and Khan Academy. I could use more.

  • 3lwap03lwap0 Registered User regular
    @3lwap0 Thanks a lot for the info.

    I’ve got a four day weekend coming up, so I want to take that time to start looking at some guides/tutorials for this field. Still not sure exactly where I want to fall under, but I would like to at least learn the beginner stuff that can be carried over to any of the paths I’m looking at.

    Could I get some handy online guides to look at? I know about Pluralsights (needs a trial) and Khan Academy. I could use more.

    I've gotten a ton of value out of Khan Academy. Their series on encryption is excellent, and I very much recommend it. Look up 'Computerphile' on Youtube. They do some great security videos as well. Udemy might have some good courses as well, but that's a guess.

    What i'm going to stress to you is fundamentals. Security+ and Network+ are entry level certs, but the content you'll learn is core to everything you'll do and touch if you pick this field. You need to know and understand certain things that you'll build off of for other more advanced knowledge. You don't need to take the certs (though I recommend it), but the things outlined in them are the basics everyone should know. If you can find some videos on subject matter regarding them, they're worth a watch.

  • RadiationRadiation Registered User regular
    Also go Net+ then Security+ if you want to start tackling things.
    Not that you can't do them the other way. Just Security+ would renew the Net+ if there's a gap between the two.

    PSN: jfrofl
  • Professor SnugglesworthProfessor Snugglesworth Registered User regular
    3lwap0 wrote: »
    @3lwap0 Thanks a lot for the info.

    I’ve got a four day weekend coming up, so I want to take that time to start looking at some guides/tutorials for this field. Still not sure exactly where I want to fall under, but I would like to at least learn the beginner stuff that can be carried over to any of the paths I’m looking at.

    Could I get some handy online guides to look at? I know about Pluralsights (needs a trial) and Khan Academy. I could use more.

    I've gotten a ton of value out of Khan Academy. Their series on encryption is excellent, and I very much recommend it. Look up 'Computerphile' on Youtube. They do some great security videos as well. Udemy might have some good courses as well, but that's a guess.

    What i'm going to stress to you is fundamentals. Security+ and Network+ are entry level certs, but the content you'll learn is core to everything you'll do and touch if you pick this field. You need to know and understand certain things that you'll build off of for other more advanced knowledge. You don't need to take the certs (though I recommend it), but the things outlined in them are the basics everyone should know. If you can find some videos on subject matter regarding them, they're worth a watch.

    Thanks, I'm going to start with those.

    But I remember reading there were some apps/sites that also let you practice stuff, like Python, on your PC. Do they have similar hands-on tutorials for this stuff as well?

    I think I might try to dabble with everything at once, including Java and C# and so on. I also wouldn't mind learning more about Photoshop and other things like that. I basically would treat it like an MMO (or MHW, which I'm currently playing) in that I put out dailies for practicing this stuff.

  • 3lwap03lwap0 Registered User regular
    3lwap0 wrote: »
    @3lwap0 Thanks a lot for the info.

    I’ve got a four day weekend coming up, so I want to take that time to start looking at some guides/tutorials for this field. Still not sure exactly where I want to fall under, but I would like to at least learn the beginner stuff that can be carried over to any of the paths I’m looking at.

    Could I get some handy online guides to look at? I know about Pluralsights (needs a trial) and Khan Academy. I could use more.

    I've gotten a ton of value out of Khan Academy. Their series on encryption is excellent, and I very much recommend it. Look up 'Computerphile' on Youtube. They do some great security videos as well. Udemy might have some good courses as well, but that's a guess.

    What i'm going to stress to you is fundamentals. Security+ and Network+ are entry level certs, but the content you'll learn is core to everything you'll do and touch if you pick this field. You need to know and understand certain things that you'll build off of for other more advanced knowledge. You don't need to take the certs (though I recommend it), but the things outlined in them are the basics everyone should know. If you can find some videos on subject matter regarding them, they're worth a watch.

    Thanks, I'm going to start with those.

    But I remember reading there were some apps/sites that also let you practice stuff, like Python, on your PC. Do they have similar hands-on tutorials for this stuff as well?

    I think I might try to dabble with everything at once, including Java and C# and so on. I also wouldn't mind learning more about Photoshop and other things like that. I basically would treat it like an MMO (or MHW, which I'm currently playing) in that I put out dailies for practicing this stuff.

    You'll know what's best for you to learn. :) If that's how you're going to absorb and learn, go for it I say. The difficulty with N+ and S+ certs is, well, these aren't things you can practice necessarily. It's a largely ephemeral subject matter, learning about things like TCP/IP or IPv4/6, or the OSI Model, or some OSPF/RIPv2 - whatever they may be. You can't touch these things, but a lot of it's incredibly core to pretty much how everything kind of works at a very high level. It'll be very easy to get distracted. The N+ and S+ curriculum pretty much guide you through what you need to achieve victory, hence my suggestion. They'll arm you with the very basics as level 1 adventurer, ready to take on your first cyber security journey.

    As for coding, i'm a poor resource there. My Python coding is abysmal. I would defer to @Echo or others who are probably better at it.

  • EchoEcho ski-bap ba-dapModerator mod
    We have a general programming thread over in the tech tavern for anyone that wants to talk frog ramming.

  • Capt HowdyCapt Howdy Registered User regular
    edited February 2018
    Radiation wrote: »
    Also go Net+ then Security+ if you want to start tackling things.
    Not that you can't do them the other way. Just Security+ would renew the Net+ if there's a gap between the two.

    Just to add on to this, if you want Federal as an option, you have to have Security+. Doesn't matter if you have a degree, CCNA, or MCSE. You are a non hire without Security+.

    There are federal contracting jobs out there who will hire you in an entry level IT position with just Security+. They don't pay as much, but they have bennies and you get OJT/experience.

    Capt Howdy on
    Steam: kaylesolo1
    3DS: 1521-4165-5907
    PS3: KayleSolo
    Live: Kayle Solo
    WiiU: KayleSolo
Sign In or Register to comment.