Ask HN: 11 Year (7 in FAANG) laid off dev needing career advice
I've had many years of experience, but essentially only 1 year of experience in any one thing. It's all been pretty random, though notably very little frontend. To get specific without being too specific, in recent years I've implemented a filesystem, made a testing framework, added functionality to a C++ library, created a middleman between kernel space and userspace, etc. The takeaway is I can do lots of things, but am not an expert in anything.
Problem:
Judging by job postings, the two main categories that even remotely fit me are Infrastructure or Backend. The problem is I have huge holes in those categories - I haven't dealt with the setup of CI/CD, created APIs, used Kubernetes, or done anything to do with distributed computing. The extent of my backend web experience were small scale and lived on a single machine. While I have no doubt I could pick things up quickly, the fact is I lack the experience that basically every position is looking for. So far, recruiters won't even give me the time of day. Even if we do have a call, I usually don't even advance to the technical screening.
Solution?
Obviously, need to choose a focus and try to convince someone I am capable of performing. Let's say that's Backend. But what can I do about the massive hole in my experience?
I've been doing Kubernetes tutorials, but the pessimist in me fears that in this job market, there will always be another candidate with actual real world experience that will get the job instead. I would also never be able to simulate a large enough load at home to gain experience in solving scalability issues. Would having played with Kubernetes at home matter at all to prospective employers?
I feel like a fish out of water right now. Has anyone been in my position? How did you solve it?
15 comments
[ 3.3 ms ] story [ 42.4 ms ] threadI am not that great at C++, but I guess self-teaching C++ is a more fitting path to go down vs. self-teaching backend tech?
That's not how it works. If a brain surgeon can't find a position in a hospital do you think someone will hire him as a clerk because "that's available"?
What if I were a a horse-drawn carriage driver and the car industry was relegating my career into niche theme parks? If I don't want to be in that niche anymore (and I don't!), then logically, I should learn how to drive a car and become a driver.
I am just making the observation that the vast majority of available openings that can even remotely fit me (ie. not any sort of frontend) are backend, with a distant runner up of infra. If that is the reality, then I need to meet it.
It's not that I'm against niches. I like the suggestion in the other post to go into infosec. I consider that a niche too but at least most companies would need it. Very few companies make operating systems. I feel that I shouldn't have gone this direction in the first place and this struggle to find a job is a wakeup call to change.
My post already outlines my willingness to learn/retrain to fit a new reality. I'm asking for advice to make such a transition, not really looking to being told to keep doing what I've done when it clearly isn't a very portable area of expertise.
Another radical thought is to forget the IT industry first approach and look to other industries for suggestions of how you could best serve them and recommended contacts to chase up.
Mining, energy, construction, surveying, etc all have data heavy sides to them, specialist software, and particular hardware | processing needs.
Drones have embedded operating systems and a wide variety of sensor and control modules, they're used to inspect work, document multi spectral growth in agriculture, provide aerial footage in the AV industry (movies, streaming series, corporate documentaries, etc).
If you can visit trade shows for industries you've never really though about you will generally find interesting work that has an IT angle that is very probably starved for talented attention.
IMO API dev isn't THAT different from what you already do, just a different mindset. Take this with a grain of salt from me though because I only dabble in API dev.
There's an O'Reilly book "Cloud Native DevOps with Kubernetes" that have me a solid grasp on Kubernetes but the biggest lesson from that section was "don't manage k8s yourself" and that was the BEST advice about K8s I've ever seen. Create a free account with the cloud service providers and play around with k8s (ideally after you've run through some guides on CI/CD). This is 100% your "real world experience".
If you're looking to try a new career field I think you'd likely excel in infosec with your background. Take a look at application security and see if that interests you.
I know your pain as I'm on the tail end of what you're going through, but as an outsider looking in it seems you're in a much stronger spot than I am! They're is light at the end of the tunnel!
EDIT: IT needs specialists AND generalists. From one generalist to another, don't be too upset about not being an expert in your domain. I'm a CISSP that struggles with security analysis but can do security management, privacy, and GRC off a fresh bong rip and a four loko+rip it cocktail. THERE IS NOTHING WRONG WITH NOT KNOWING EVERYTHING BECAUSE A GOOD TEAM WILL ALWAYS LOOK OUT FOR EACH OTHER
Skipping k8s management makes a ton of sense to me, especially since that should be considered more of a DevOps job anyway. But since you say to do CI/CD first, I assume you mean I should go through the entire flow where I submit commits and have the "CD" deploy to the cloud k8s? Seems like I'd still need to be able to bring up my own local instance to see my code changes during dev, and would need to manage the local k8s.
Security might actually be the way to go long-term! The way I see it, it has to be verifiable (not possible to depend on AI) and can't be outsourced (at least not to any adversarial country). I'll definitely look into that!
What was your playbook to get into infosec?
I took a nonstandard path into infosec- I never actually went to school for it because it just wasn't taught where I went at the time. I learned by reading a lot and testing what I read against my own (and sometimes not my own) machines and my previous employment gave me a solid foundation since all of my professional skills were transferable. I was a dev for 2 years and a security-focused business system analyst for 6 years before getting my first job in infosec, and I'm 100% sure I passed my CISSP solely on dumb luck because I just "picked what made sense to me." I never took Sec+, Net+, OSCP, etc... certification because by the time I found out those certs existed I was already a CISSP and working to shore up my blue team weaknesses (blue team = "don't hack me bro", red team = "IT'S PWNIN' TIME". There's also purple team where you do both, I see this being the future of the craft much like how development and operations has pretty much merged).
I definitely recommend reading up about cybersecurity topics- maybe even take a Udemy or Coursera course or two on the fundamentals. Even if you get an entry level role I have no doubt you'd be able to ramp up quickly. You DO need to understand networking concepts so that might be new but it's seriously not THAT in-depth and you can skirt by initially with the basics (know how networks work, and be able to both capture a packet and read a PCAP file) and pick up more as you grow into the field. You'll need to pick up soft skills to help you frame technical concepts into terms laypeople can understand for your reports, which can be a challenge at first but you get the hang of it after doing it a while. As long as you're on a decent team any weaknesses you have can be covered by an ally- DO NOT BE AFRAID TO ASK FOR HELP WHEN YOU DON'T KNOW SOMETHING!
I do need to be transparent- my skills are more on the security management side (I could talk for HOURS about security risk) and most of the roles I've seen advertised (including the one I just left) are for security operations center staff. Hopefully another security professional here more skilled than I can chime in to keep me humble and honest!
If you're interested (ISC)2 has a "Certified in Cybersecurity" certification intended for people new to the industry. I'd take a look at the exam material for that and see if it interests you. You may be tempted to jump for CISSP, CISM, a GIAC cert, etc... Save those for later in your career when you KNOW you're ready (also I dunno about CISM but CISSP requires at least 5 verified years of professional security work and the endorsement of another CISSP. I don't think the GIAC certs are as strict but they're WAY more expensive). They're NOT easy, and there's a real risk you'll end up like me if you successfully take the shortcut, a CISSP that excels at the really hard stuff but has no interest in/sucks at the grunt work.
If you can get a mentor for cybersecurity that would be a huge plus- not just for helping you find a job in the industry but it REALLY helps fight off the inevitable imposter syndrome (I have met exactly ONE security professional in my entire career that didn't deal with imposter syndrome at some point in their career. That one guy has a higher IQ than my car has horsepower).
Hope this helps!
In terms of skills, yes, you may be helped by figuring out a focus and gaining depth in a particular area. But which area? Here you do need to do another layer of analysis beyond job postings, but you will also need to figure out what interests you, what you would be motivated to do. Which might be more technology or it might at your level of seniority be other areas like business domain or people areas. If business domain or people areas are interesting then you will want to double down on setting up conversations with your network. But if technology is interesting the very best thing to do is the learn in public. Take your lack of knowledge as a strength, start from zero, and use your existing skills to learn how something is implemented, and teach yourself, documenting as you go, to the level of depth that satisfies you. Publish that work. If you have worked at the kernel/file system level you find especially in user space platforms like k8s many oddities and curiosities. Listen to your curiosity and document those oddities. You might actually find something that needs fixing, in that case, submit a PR.
Both of these approaches- reaching out to your network, and following and documenting your curiosity- take time. Doing the job hunt with recruiters does as well. But this way you are growing yourself as an asset, in relationships, and in skills.
HTH. Good luck.
I did start blogging my side projects, but I hadn't considered digging into other implementations and blogging my findings as well. Interesting idea, will try!
FWIW, particularly at large companies, I wouldn't have thought the average engineer would be touching Kubernetes, or the build pipeline, or whatever; there's a fair bit of specialisation in large companies. And some companies don't even use Kubernetes; despite appearance, it is not mandatory :)
I agree that it'd be very weird for any of my colleagues to have touched Kubernetes or the build pipeline (unless that was their entire job). Large companies can afford to let people specialize, but that's not necessarily the case with smaller companies where people need to wear many hats.
It's just pretty apparent that I need to put on more hats to be a competitive candidate, especially when the hat I do wear usually isn't relevant to the companies that are hiring. Large companies also have plenty of teams doing more mainstream work (regular backend dev) even if it doesn't include k8s, so they all still have a leg up on me in this sparse job market.
Of course my problem might disappear when the market recovers and the large companies hire again, but I'm not going to sit around waiting for that.