Ask HN: Career advice for the next years?
My day to day jobs consists of daily operation of various software solutions (mostly java applications), projects (kubernetes is the new hot thing) and various other sysadmin related tasks.
I have been approached by several people that want me to jump ship and join another department and or firm. But I`m not sure what i want going forward in my IT career. I have two offers coming to me in early 2019, one is joining a penetration testing team, enrolling in a 6-12 months insane learning program. The other is joining another firm where i will become an Azure architect.
The problem or rather what i feel insecure about is that i don`t know enough, especially for the penetration testing gig. I don`t know programming in general, yes i have tweaked some php/bash/python/go code but never made anything from the ground up. So I`m debating if i should move away from my "comfortable" position where I`m usually praised and involved in a lot of projects and I`m making a big positive impact, for both customers, colleagues and the firm. To a new position where this will be limited (atleast for a couple of years) in both skill, earning potential and possible impact I`m able to do.
I`m basically looking for advice, if someone has been a similar dilemma and would like to share their experience, then that would be really appreciative.
16 comments
[ 3.2 ms ] story [ 37.9 ms ] threadThe architecture role will be design oriented. Do you understand what Azure/cloud offers your business? Things to consider: how will you do identity management, backups, security models (VPN etc..), etc... You're goal here will be more at the business level and how you "scale" your IT processes with respect to achieving those goals (and reduce COGs).. Azure is effectively infrastructure as code, which reduces the demand for system administrators since your physical machines are now virtualized. An architect will probably not code very much, penetration tester will write basic scripts to do much of the work... Architect is more about consensus building/collaboration/project management, penetration testing is more of an individual contributor role. These are of course basic descriptions of the roles.. they may vary in implementation wherever you go.
Going from help desk to system admin is a bigger leap than sysadmin to pen tester in my opinion. Fear not! If you meet like 50-70% of the reqs you're qualified.
But yes I do really enjoy the higer level ideas/work that Im doing, of course that entails a lot of "people" and collaboration work but Im really enjoying it.
One of my worries as a pentester is that I will go from more of an architecture/sysadmin role to an individual who just deliveres reports to some developer or project leader. I feel like the work I would do will give a lesser impact that the work Im doing now. (If that makes any sense)
I wouldn't worry to much about not being able to code in order to be a pen tester, an advance level of coding really isn't necessary.
I would ask why do you want to change your job? Are you unhappy with your current job? It sounds like you enjoy it. Keep this in mind because starting from the bottom as a pen tester will be very difficult if you are coming from a high-level role that you enjoy in another industry - you will have to realllly want to become a pen tester in order to start over from the bottom and work your way up. I say this from experience too as someone who spent about a year as a pen tester but decided to go back to my old career because it was not worth spending years to get to the same level I was already at.
The best heuristic you can follow for career is: Do what you are most curious about and meets your current & projected financial needs and still allows you to spend time with loved ones (where applicable).
I have consistently selected jobs/work where I'm most likely to learn in the areas I'm curious. Pen-testing (one of your options) is a great area that is only going to grow in demand. As Marc Andreessen is often quoted as saying: "Software is eating the world". The problem is that the vast majority of the code that is written is insecure!
If you are able to do the 6-12 month learning program and it results in a certification, that certificate is a "safety net" that you get to keep for the rest of your career whatever you do next!
I did something similar and have no regrets. It opens doors and being the "security expert" on a software project means you always get consulted when something mission critical has to be built.
Once you have enough cash, invest it in cashflow-producing assets so you have an additional stream of income (if you don't already...). Then you can afford to re-think what you do with your time and do exactly what you want with your life.
If you feel "insecure" write down why you feel that way. If you don't already keep a journal, start today. Write down your thoughts on why this decision is difficult. And refer back to your writings on a regular basis to "check-in" with yourself.
Bottom line: invest in yourself. keep your learning curve steep and switch jobs (upgrade) whenever you feel that you are no longer learning. This might feel like a "lack of loyalty" to your employer, but the fact is that you will be more valuable as a team member the more you learn, and if you can impart your knowledge on a given project in 3 months, why would you stay there for a year?!
I started contracting 6 years ago and have never looked back. The money is much better than "full time" and it's also way more flexible. If you develop the skills/credibility, you will never be without work. And if you cannot handle the "uncertainty" of contracting, you can always get a full-time job again.
Regarding insecure, I would say that is mostly because the more I learn, the more I know that I dont know. And I dont like not knowing something, so i guess that is what bothers me. And when it comes to pentesting i guess that feeling will just get worse. I will pick up on the idea of keeping a journal tho, if it helps id gladly write in it.
How did you start contracting? What skills are you "selling"?
There are good, bad, exceptional penetration testers and Azure architects. You are young and already being endorsed for your workmanship. If you interview without telling lies and get the job then go for it.
Also based on what you've written, it sounds like the Azure architect will be much better suited to you than the pen tester role. Not necessarily because of what skills you have but because it seems you like being involved in projects where you can create/manage something. As a pen tester you will likely work for between a few days up to a week for each client, you will do the job, write the report and be done.
But don't think that because you are comfortable this is necessarily a bad thing. "Get out of your comfort zone" is good advice for somebody who lacks ambition and refuses to change their ways but you do not sound like that kind of a person.