|
CLAM DOWN posted:Being "passionate" about something does not equate whatsoever to not having work/life balance, working 60+ hours/week, being "emotionally invested" in a company, etc. You're right in that it doesn't HAVE to, but by and large everyone I've known who I'd consider "passionate" about their work rather than just "proficient" (even extremely proficient) are exactly the types who end up dicking up their work/life balance, getting emotionally invested in stuff, etc., precicely because they ARE passionate about it.
|
#
?
Feb 20, 2021 12:10
|
|
|
|
| # ? Feb 25, 2021 10:14 |
|
|
yep. i mean, if "passionate" just means "enjoys their job/the field" or "finds infosec interesting" then ok whatever. but the original question was if you have to be "passionate" due to low pay, which is much more in line with the word as i'm using it like, it seems to me that "i am passionate about hacker poo poo, and don't do it outside of work" has some tension in there, and i think most folks would agree. maybe it shouldn't be that way, but meaning is use etc etc Achmed Jones fucked around with this message at 16:12 on Feb 20, 2021 |
|
#
?
Feb 20, 2021 16:09
|
|
|
Passionate can mean that at a minimum you’re not just a mercenary in it for the money and you have a greater personal interest in the field or work. I’d agree that generally “find a job you’re passionate about” has often been horrible advice and puts people on an impossible quest for imaginary fulfillment. Being more generally passionate about self development and always trying to do great work, regardless of your actual job, is more useful than just being a huge fan of something narrow and specific.
|
|
#
?
Feb 20, 2021 16:30
|
|
|
I do a lot of related work to my job as a personal hobby outside of it, which makes me a better employee. I don't work on my employer's projects in my off time, but I do work on and look at things for fun that improve my skills and knowledge... like this thread.
|
|
#
?
Feb 20, 2021 17:10
|
|
|
interest in subject matter is a sliding scale I don't know why otherwise-professional people get so weird about this poo poo, especially in interviews
|
|
#
?
Feb 20, 2021 17:13
|
|
|
when i hear passionate, i think about rogue brewery
|
|
#
?
Feb 20, 2021 17:34
|
|
|
Jeoh posted:when i hear passionate, i think about rogue brewery That job listing actually made me less passionate about my job
|
|
#
?
Feb 20, 2021 17:44
|
|
|
DrDork posted:You're right in that it doesn't HAVE to, but by and large everyone I've known who I'd consider "passionate" about their work rather than just "proficient" (even extremely proficient) are exactly the types who end up dicking up their work/life balance, getting emotionally invested in stuff, etc., precicely because they ARE passionate about it. I consider myself "passionate" about security by the objective definition of the word. I love security, find it fascinating, and sometimes mess around with it for fun outside of work. I also work 36.25 hours a week and not a minute more. Time at/invested in work and passion/interest are mutually exclusive concepts.
|
|
#
?
Feb 20, 2021 18:10
|
|
A
|
CLAM DOWN posted:Time at/invested in work and passion/interest are mutually exclusive concepts. I assume you mean orthogonal rather than ME, unless you're claiming you can't do both
|
|
#
?
Feb 20, 2021 18:19
|
|
|
Potato Salad posted:interest in subject matter is a sliding scale "Passionate" workers train on their own time instead of on the company dime.
|
|
#
?
Feb 20, 2021 18:59
|
|
|
CLAM DOWN posted:I consider myself "passionate" about security by the objective definition of the word. I love security, find it fascinating, and sometimes mess around with it for fun outside of work. I also work 36.25 hours a week and not a minute more. Time at/invested in work and passion/interest are mutually exclusive concepts. ding ding ding Except for the last line. But right on otherwise.
|
|
#
?
Feb 20, 2021 19:22
|
|
Cat Army
|
Rufus Ping posted:I assume you mean orthogonal rather than ME, unless you're claiming you can't do both Correct, sorry.
|
|
#
?
Feb 20, 2021 20:36
|
|
|
I love the future of sudo aliases https://twitter.com/CubicleApril/status/1363918513665175552?s=20
|
|
#
?
Feb 22, 2021 18:37
|
|
|
CommieGIR posted:I love the future of sudo aliases
|
|
#
?
Feb 22, 2021 21:40
|
|
|
CLAM DOWN posted:Being "passionate" about something does not equate whatsoever to not having work/life balance, working 60+ hours/week, being "emotionally invested" in a company, etc. Some of you are taking making huge extrapolations and leaps here and clearly have wild definitions of "passionate".
|
|
#
?
Feb 23, 2021 12:33
|
|
|
hi infosec ppl recently i started working for a security saas product/company. over the course of the last few months i've had dozens and dozens of conversations with CISOs at organizations of all different sizes holy poo poo they are all totally useless. they don't have the authority to buy anything, they inevitably wind up begging the CTO or CFO for special budget exceptions. they don't have the skills to do/install/deploy anything, they inevitably wind up begging the CTO/DevOps ppl to actually set stuff up for them. they don't have the access to fix anything, again they're just filing JIRA tickets and begging people to listen to them. as far as I can tell they seem to have about as much budget and authority as a mall cop. anyway thats it, no question here, just figured i'd commiserate with people who probably already know this from the other side.
|
|
#
?
Feb 23, 2021 13:06
|
|
|
MightyBigMinus posted:they don't have the access to fix anything, again they're just filing JIRA tickets and begging people to listen to them.
|
|
#
?
Feb 23, 2021 13:13
|
|
|
Im only like 3 months into my InfoSec job coming over from a full time network engineer role. I work way less hard than I use to. My job seems to involve talking other teams into fixing their poo poo, then escalating to management as the fixes go unimplemented, before moving onto the next broken thing. Its not nearly as fun as my old job but it pays a ton more at least.
|
|
#
?
Feb 23, 2021 13:46
|
|
|
BaseballPCHiker posted:Im only like 3 months into my InfoSec job coming over from a full time network engineer role. Infosec is mostly delegating I've found. I don't know Ruby so I punt all fixes to devs.
|
|
#
?
Feb 23, 2021 13:48
|
|
|
CyberPingu posted:Infosec is mostly delegating I've found. True in my experience as well. Most places big enough to have a full time security staff are also big enough to be bogged down by necessary bureaucracy and management making changes slow and tedious enough as it is.
|
|
#
?
Feb 23, 2021 14:05
|
|
|
BaseballPCHiker posted:Im only like 3 months into my InfoSec job coming over from a full time network engineer role. Pretty much, kinda want to go back to consulting since doing IR/DR and Pentesting was a lot more fun, but a lot less stable pay wise/job wise.
|
|
#
?
Feb 23, 2021 14:21
|
|
|
Our CISO isn't even an employee; theyre a consultant that our Exec IT director calls vCISO and he's even more useless. But he tells the board we have done xyz (i did xyz) and collects 250 an hour.
|
|
#
?
Feb 23, 2021 16:00
|
|
|
MightyBigMinus posted:hi infosec ppl This is so relatable it hurts. I used to work in R&D/detection development for a SIEM product and honestly can't say that it seemed like there was any net gain made in terms of customer security. It was primarily purchased by CISOs who were the only security staff at the company, usually outsourced triage/IR to a SOC, and whose entire understanding of security was that the magical box would prevent any and all issues. It got worse when everyone started demanding investment in cloud products and detections, because those detections are even noisier than info-level portscan garbage if they don't have solid cloud architecture practices to begin with (they didn't).
|
|
#
?
Feb 23, 2021 19:26
|
|
|
They're basically someone who's paid to be the one who gets the blame when security is found to be lax.
|
|
#
?
Feb 23, 2021 21:13
|
|
|
dang, I should consider myself lucky to have an actively involved CISO (first cyber job and first time working w/ a CISO). Our team is fairly small so idk if that helps.
|
|
#
?
Feb 23, 2021 22:13
|
|
|
BlankSystemDaemon posted:They're basically someone who's paid to be the one who gets the blame when security is found to be lax. Previous job had a "virtual" CISO as part of a security package we bought from the firm. Ours flat out told us that one of their services was being a glorified fall guy for when something bad eventually happened.
|
|
#
?
Feb 23, 2021 22:40
|
|
|
BlankSystemDaemon posted:They're basically someone who's paid to be the one who gets the blame when security is found to be lax. Yeah, CISOs are basically the fall guys
|
|
#
?
Feb 24, 2021 02:29
|
|
|
Our company just had a investment firm buy a controlling interest in the company. As a result they came through and had outside dudes do an audit on our infrastructure for stuff we had to do. One of their action items was "Hire/designate someone as CISO". The entire IT/Cybersec department laughed at that, which is to say the three of us laughed at that.
|
|
#
?
Feb 24, 2021 17:18
|
|
|
Unauth Vcenter RCE through vsphere client, yay! https://twitter.com/WeisterCreek/status/1364319729515716612?s=20
|
|
#
?
Feb 24, 2021 19:22
|
|
|
Defenestrategy posted:Our company just had a investment firm buy a controlling interest in the company. As a result they came through and had outside dudes do an audit on our infrastructure for stuff we had to do. One of their action items was "Hire/designate someone as CISO". You have a cybersec department? Lucky.
|
|
#
?
Feb 24, 2021 22:16
|
|
|
Cup Runneth Over posted:You have a cybersec department? Lucky. Well in so far as I am a "Infrastructure Security Engineer" and my job is to come up with policies that make everyone miserable, and then implement them.
|
|
#
?
Feb 24, 2021 22:21
|
|
|
|
| # ? Feb 25, 2021 10:14 |
|
|
Defenestrategy posted:Well in so far as I am a "Infrastructure Security Engineer" and my job is to come up with policies that make everyone miserable, and then implement them. Like I said, lucky. My job entails an executive telling me "we want this app to be secure" and then leaving it up to us to figure out what the best practices are and how to implement them. And we don't get paid extra for it.
|
|
#
?
Feb 24, 2021 22:23
|
|