by gdfer on 4/23/17, 9:19 PM with 14 comments
While I've had a successful career thus far, consistently get great reviews & make a good wage, I am also getting ... bored I guess.
I'm considering various options -one idea that's piqued my interest lately is furthering my education a bit (would have to do online learning) and making a transition to working in a more specialized area of comp sci such as cyber security or machine learning. I don't have much experience in cyber security (have done some pen testing/fixing of java web apps -OWASP type stuff) and have virtually no experience with AI/machine learning concepts. I just find these things fascinating.
I guess I'm curious: Has anyone made a similar career change from a more general developer type of role to something like cyber security or machine learning? How did that go for you? What should my expectations be and what are some suggestions for investigating and going about this?
Lastly -I don't work in or near a big city and would probably have to work remotely (I've been doing remote Java consulting successfully for a while) or move. Not sure if these specializations are conducive to remote workers so I wonder if anyone can shed any light on that.
by jwilliams on 4/24/17, 12:27 AM
1. Ultimately I think it'll be easier to get a remote job. ML is in high demand and requires dedicated, focused hacking time. This means remote is more do-able. Generalizing -- Cyber security interfaces significantly with people and process across the whole of an organization, so tends to require more face time.
2. It's easier to experiment and learn ML on your own. Grab a project, come up with some ideas and then get them up on Github. That's much hard to do in the security realm.
If I were you, I'd see if you can carve out some time for a passion project. Pick up a ML framework and see what you can do. Put it up on Github, write some blogs. You'll see how passionate about the space you are, plus build out the start of a CV.
by howlett on 4/24/17, 9:03 PM
If you look at my previous comments I always say the same thing: get the OSCP certification. It will definitely get you an interview but the course is hard and demanding.
Also, get ready to take a paycut and a role downgrade as 4 years of pentesting have more value than 10 years of development.
Obviously you bring other skills to the table like better client communication and knowing how things work under the hood, but you'll have to take a step back before you take two steps forward.
I definitely recommend you go that way, but think hard before you do, and please be sure it's not because you're "bored".
Last but not least, prepare to travel to clients. Sure there is the "internet" and "vpn" but a lot of clients have internal apps need testing and do not give you remote access.
If you have any questions I'll be happy to help out.
by phaus on 4/24/17, 12:23 AM
The specializations are both conducive to remote work. However, they aren't conducive to remote work for people that don't have a good amount of experience in that role.
You can definitely make the switch to either of those things, but you have a long road ahead. If you know specifically what sub-field of security interests you, I might be able to give you some more insight.
by Teichopsia on 4/24/17, 8:56 AM
by hacknat on 4/26/17, 1:15 PM