Hacker News new | past | comments | ask | show | jobs | submit login

This was fascinating! If I could do it all over again, I'd have gone into the US Foreign Service. Maybe not to places like North Korea (which we don't have a presence in anyways), but I'd have loved to travel the world. Maybe in the next life...



> Maybe in the next life...

I told myself this about an important decision. I thought about it more and decided I didn't really believe in that (proof: what do you remember from your last life), so just did it in this one. No regrets!


you'll eventually forget this life too, so i'm not sure about your proof ;)


A consistent, but perhaps incomplete, model.


Just do IT!


On one of my flights out of... I forget if it was SJC or SFO - but it was one of them... I sat next to someone in uniform and we got to talking. He was a former dentist who joined the military and was studying in Monterey his fifth foreign language https://www.dliflc.edu


> Maybe not to places like North Korea (which we don't have a presence in anyways)

Sure they don't ;)


Sure, if you could get in.

I tried for 5 years in a row to get into my country's service. It failed. Pivoted to information security, hey at least I am a millionaire now.


may I ask if you have any career advice?


Try 5 years to get into foreign service, then pivot to IS?


Yes. Or more general: work hard to get something. Even if you will never reach it, you might still improve enough in general, to be ready to do and get something else instead.


Correct


Unless you have broken software and hardware since the 1990s or 1980s, and then gotten a degree in management or engineering, my path is hard to replicate.

But I certainly can offer some advice:

1. Be hardcore and really interested in security. Read everything. Deep diving into networks, software, vulnerability, risk management.

2. Get a CISSP certifiaction, then maybe an ISO 27001 cert and then also something juicy from SANS (I have none of these).

3. Get an AWS or a public cloud of your choice certification

Also

* Cia triad

* Mitre attack framework

* Cis controls

* Nist framework

* Ise 62443

* Zero trust framework from NIST

Get work experience, projects, situations, grow and evolve


If you're interested in someone else's take on this: don't get a CISSP, and ISO 27001 is generally something a company gets, not a person.


True, it would be more toward security leadership in things like CISO roles or equivalent.

Yet if one takes them, they will certainly help.


Again, just in case you're interested in a second take on this, no.


Why no? CISSP is often requested on job postings for cybersecurity.


They're disproportionately requirements for the worst, lowest-status jobs in cybersecurity, and many of the best known and "highest placed" practitioners in the industry (not just in vuln research and xdev but also in management) don't have one.


What does "xdev" mean, please?


Exploit development


To be fair: this is, like, a 2010 acronym, and I'm dating myself just by using it; I just have a dry-eye thing going today that's making screen time annoying and didn't want to type the words out. :)


I am intersted in your version of my answer. I don't think picking at elements from my list and just saying "no" is fruitful.


I disagree, and am deliberately not trying to start a protracted debate here. I'm just offering a data point, nothing more.


Well, it seems we have arrived at an impasse.


No, we haven't. We disagree about something, but there was never a premise that we would agree. It's fine for us to disagree! We're two different data points, nothing more or less. An "impasse" implies there was a further destination for us to reach, if only we found common ground. Not so!

I think we sometimes look past how valuable it is to just have two clearly stated, conflicting views on an issue, without a day long effort to unify or persuade them.


What currency




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: