DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

CLAM DOWN posted:

Being "passionate" about something does not equate whatsoever to not having work/life balance, working 60+ hours/week, being "emotionally invested" in a company, etc.

You're right in that it doesn't HAVE to, but by and large everyone I've known who I'd consider "passionate" about their work rather than just "proficient" (even extremely proficient) are exactly the types who end up dicking up their work/life balance, getting emotionally invested in stuff, etc., precisely because they ARE passionate about it.

Achmed Jones
Oct 16, 2004





yep. i mean, if "passionate" just means "enjoys their job/the field" or "finds infosec interesting" then ok whatever. but the original question was if you have to be "passionate" due to low pay, which is much more in line with the word as i'm using it

like, it seems to me that "i am passionate about hacker poo poo, and don't do it outside of work" has some tension in there, and i think most folks would agree. maybe it shouldn't be that way, but meaning is use etc etc

Achmed Jones fucked around with this message at 16:12 on Feb 20, 2021

AlternateAccount
Apr 25, 2005
FYGM

Passionate can mean that at a minimum you’re not just a mercenary in it for the money and you have a greater personal interest in the field or work.

I’d agree that generally “find a job you’re passionate about” has often been horrible advice and puts people on an impossible quest for imaginary fulfillment.

Being more generally passionate about self development and always trying to do great work, regardless of your actual job, is more useful than just being a huge fan of something narrow and specific.

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





I do a lot of related work to my job as a personal hobby outside of it, which makes me a better employee. I don't work on my employer's projects in my off time, but I do work on and look at things for fun that improve my skills and knowledge... like this thread.

Potato Salad
Oct 23, 2014

Nobody Cares




interest in subject matter is a sliding scale

I don't know why otherwise-professional people get so weird about this poo poo, especially in interviews

Jeoh
Jul 20, 2010




when i hear passionate, i think about rogue brewery

RFC2324
Jun 7, 2012

http 418



Jeoh posted:

when i hear passionate, i think about rogue brewery

That job listing actually made me less passionate about my job

CLAM DOWN
Feb 13, 2007


RICKARUS

It's Moot baby!




DrDork posted:

You're right in that it doesn't HAVE to, but by and large everyone I've known who I'd consider "passionate" about their work rather than just "proficient" (even extremely proficient) are exactly the types who end up dicking up their work/life balance, getting emotionally invested in stuff, etc., precisely because they ARE passionate about it.

I consider myself "passionate" about security by the objective definition of the word. I love security, find it fascinating, and sometimes mess around with it for fun outside of work. I also work 36.25 hours a week and not a minute more. Time at/invested in work and passion/interest are mutually exclusive concepts.

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano


CLAM DOWN posted:

Time at/invested in work and passion/interest are mutually exclusive concepts.

I assume you mean orthogonal rather than ME, unless you're claiming you can't do both

Volmarias
Dec 31, 2002


Potato Salad posted:

interest in subject matter is a sliding scale

I don't know why otherwise-professional people get so weird about this poo poo, especially in interviews

"Passionate" workers train on their own time instead of on the company dime.

The Iron Rose
May 12, 2012

Cat Army


CLAM DOWN posted:

I consider myself "passionate" about security by the objective definition of the word. I love security, find it fascinating, and sometimes mess around with it for fun outside of work. I also work 36.25 hours a week and not a minute more. Time at/invested in work and passion/interest are mutually exclusive concepts.

ding ding ding

Except for the last line. But right on otherwise.

CLAM DOWN
Feb 13, 2007


RICKARUS

It's Moot baby!




Rufus Ping posted:

I assume you mean orthogonal rather than ME, unless you're claiming you can't do both

Correct, sorry.

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!


Pillbug

I love the future of sudo aliases

https://twitter.com/CubicleApril/status/1363918513665175552?s=20

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



And this is completely distinct from please.build, because who needs namespace exclusivity for commands on Unix-likes.

evil_bunnY
Apr 2, 2003



CLAM DOWN posted:

Being "passionate" about something does not equate whatsoever to not having work/life balance, working 60+ hours/week, being "emotionally invested" in a company, etc. Some of you are making huge extrapolations and leaps here and clearly have wild definitions of "passionate".

No, but you have to learn how to recognize the weasel words coming from the employer side too.

MightyBigMinus
Jan 26, 2020



hi infosec ppl

recently i started working for a security saas product/company. over the course of the last few months i've had dozens and dozens of conversations with CISOs at organizations of all different sizes

holy poo poo they are all totally useless.

they don't have the authority to buy anything, they inevitably wind up begging the CTO or CFO for special budget exceptions. they don't have the skills to do/install/deploy anything, they inevitably wind up begging the CTO/DevOps ppl to actually set stuff up for them. they don't have the access to fix anything, again they're just filing JIRA tickets and begging people to listen to them.

as far as I can tell they seem to have about as much budget and authority as a mall cop.

anyway that's it, no question here, just figured i'd commiserate with people who probably already know this from the other side.

Diva Cupcake
Aug 15, 2005



MightyBigMinus posted:

they don't have the access to fix anything, again they're just filing JIRA tickets and begging people to listen to them.

as far as I can tell they seem to have about as much budget and authority as a mall cop.

gently caress me

BaseballPCHiker
Jan 16, 2006



I'm only like 3 months into my InfoSec job coming over from a full time network engineer role.

I work way less hard than I used to. My job seems to involve talking other teams into fixing their poo poo, then escalating to management as the fixes go unimplemented, before moving onto the next broken thing.

It's not nearly as fun as my old job but it pays a ton more at least.

CyberPingu
Sep 15, 2013



BaseballPCHiker posted:

I'm only like 3 months into my InfoSec job coming over from a full time network engineer role.

I work way less hard than I used to. My job seems to involve talking other teams into fixing their poo poo, then escalating to management as the fixes go unimplemented, before moving onto the next broken thing.

It's not nearly as fun as my old job but it pays a ton more at least.

Infosec is mostly delegating I've found.

I don't know Ruby so I punt all fixes to devs.

BaseballPCHiker
Jan 16, 2006



CyberPingu posted:

Infosec is mostly delegating I've found.

I don't know Ruby so I punt all fixes to devs.

True in my experience as well.

Most places big enough to have a full time security staff are also big enough to be bogged down by necessary bureaucracy and management making changes slow and tedious enough as it is.

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!


Pillbug

BaseballPCHiker posted:

I'm only like 3 months into my InfoSec job coming over from a full time network engineer role.

I work way less hard than I used to. My job seems to involve talking other teams into fixing their poo poo, then escalating to management as the fixes go unimplemented, before moving onto the next broken thing.

It's not nearly as fun as my old job but it pays a ton more at least.

Pretty much, kinda want to go back to consulting since doing IR/DR and Pentesting was a lot more fun, but a lot less stable pay wise/job wise.

droll
Jan 9, 2020


Our CISO isn't even an employee; they're a consultant that our Exec IT director calls vCISO and he's even more useless. But he tells the board we have done xyz (I did xyz) and collects 250 an hour.

Shuu
Aug 18, 2005

Wow!

MightyBigMinus posted:

hi infosec ppl

recently i started working for a security saas product/company. over the course of the last few months i've had dozens and dozens of conversations with CISOs at organizations of all different sizes

holy poo poo they are all totally useless.

they don't have the authority to buy anything, they inevitably wind up begging the CTO or CFO for special budget exceptions. they don't have the skills to do/install/deploy anything, they inevitably wind up begging the CTO/DevOps ppl to actually set stuff up for them. they don't have the access to fix anything, again they're just filing JIRA tickets and begging people to listen to them.

as far as I can tell they seem to have about as much budget and authority as a mall cop.

anyway that's it, no question here, just figured i'd commiserate with people who probably already know this from the other side.

This is so relatable it hurts. I used to work in R&D/detection development for a SIEM product and honestly can't say that it seemed like there was any net gain made in terms of customer security. It was primarily purchased by CISOs who were the only security staff at the company, usually outsourced triage/IR to a SOC, and whose entire understanding of security was that the magical box would prevent any and all issues. It got worse when everyone started demanding investment in cloud products and detections, because those detections are even noisier than info-level portscan garbage if they don't have solid cloud architecture practices to begin with (they didn't).

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



They're basically someone who's paid to be the one who gets the blame when security is found to be lax.

Tryzzub
Jan 1, 2007



Mudslide Experiment

dang, I should consider myself lucky to have an actively involved CISO (first cyber job and first time working w/ a CISO). Our team is fairly small so idk if that helps.

BaseballPCHiker
Jan 16, 2006



BlankSystemDaemon posted:

They're basically someone who's paid to be the one who gets the blame when security is found to be lax.

Previous job had a "virtual" CISO as part of a security package we bought from the firm. Ours flat out told us that one of their services was being a glorified fall guy for when something bad eventually happened.

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!


Pillbug

BlankSystemDaemon posted:

They're basically someone who's paid to be the one who gets the blame when security is found to be lax.

Yeah, CISOs are basically the fall guys

Defenestrategy
Oct 24, 2010

Worst decision I ever made.


Our company just had an investment firm buy a controlling interest in the company. As a result they came through and had outside dudes do an audit on our infrastructure for stuff we had to do. One of their action items was "Hire/designate someone as CISO".

The entire IT/Cybersec department laughed at that, which is to say the three of us laughed at that.

Tryzzub
Jan 1, 2007



Mudslide Experiment

Unauth vCenter RCE through vSphere client, yay!

https://twitter.com/WeisterCreek/status/1364319729515716612?s=20

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





Defenestrategy posted:

Our company just had an investment firm buy a controlling interest in the company. As a result they came through and had outside dudes do an audit on our infrastructure for stuff we had to do. One of their action items was "Hire/designate someone as CISO".

The entire IT/Cybersec department laughed at that, which is to say the three of us laughed at that.

You have a cybersec department? Lucky.

Defenestrategy
Oct 24, 2010

Worst decision I ever made.


Cup Runneth Over posted:

You have a cybersec department? Lucky.

Well in so far as I am an "Infrastructure Security Engineer" and my job is to come up with policies that make everyone miserable, and then implement them.

Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate





Defenestrategy posted:

Well in so far as I am an "Infrastructure Security Engineer" and my job is to come up with policies that make everyone miserable, and then implement them.

Like I said, lucky. My job entails an executive telling me "we want this app to be secure" and then leaving it up to us to figure out what the best practices are and how to implement them. And we don't get paid extra for it.
