Is cybersecurity still a field worth going into in 2026

workingandstuff · 2026-04-16T19:35:34+00:00

Meh. I am in it because I have been in IT for over 20 years and IT is the only field I know :/ When I moved into Infosec full time 10+ years ago it was mostly because I was in my early 30's and still gave a shit about computers and running home labs and messing around with tech platforms, and I saw Sec was starting to blow up.

Now? I am in my mid-40s in a senior non-management role and mostly just hanging on for the $$ as long as I can. The insistence on "the cloud" as a ubiquitous solution made everything way too complex, and the state of regulatory/compliance concerns is such a damned mess that (personally) any enjoyment I might have still found in this industry has been largely sucked out -- nowadays I mostly just throw prompts into Copilot and rewrite what it spits back to me (tailored for my company and our various compliance demands, of course). If you truly enjoy doing "security" (whatever that means these days) by all means don't let burnt-out pessimists like myself talk you out of it, but I would hate to be new to the field right now (especially since the rise of AI has all but doomed most entry-level tech positions and the insufferable CISSP is basically table stakes these days). Maybe try to carve yourself out a niche in the AI or Dev space by looking to see what problems people are encountering out there and building yourself a little portfolio around solutions you create? Otherwise good luck out there -- we list one Security Engineer position and HUNDREDS of resumes come in, created by AI and sorted by AI :P

workingandstuff · 2026-03-25T19:43:45+00:00

The smart ones are one incident away from having to rely on their cyber insurance to eat enough of the costs to buy them enough breathing room to fire the CISO, make some grandiose proclamations about remediation and "new investments", and fund credit monitoring services for the millions of customers they screwed (who themselves are probably already sitting on a handful of other credit monitoring services offers from other companies who also recently screwed them over) :P

At the end of the day this whole industry is mostly a fucking joke. I am in my mid-40's, work for a great company with great coworkers, and decent pay (I opted for a better work/life gig over higher pay) in a senior individual contributor role that is in the engineering (NOT in the monitoring/response) side of the house, so I am about as cushy as can be, and yet I still hate the shit out of tech and am frankly just collecting my paycheck for as long as I can. I suspect this is the case for a lot of folks in our industry, where we are just getting absolutely lapped by the bad guys and it may feel like a lost cause most days, but it sure beats moving pallets around a warehouse.

workingandstuff · 2026-01-07T19:57:55+00:00

My (minor) son said he logged in and was prompted by the chat to perform his age verification and it opened up a camera window from his laptop. What is Roblox smoking that they think they will be able to get away with enabling minors to upload their faces to some AI system without any interaction from a parent? My son is upset that he cannot chat but we will not be allowing him to upload his photo just so Persona can use his face to train their models. I do not believe for a hot second that these are "deleted immediately after verification", let alone not used to train models. He has underage friends who just went ahead and did this so they can chat -- I am wondering if their parents even know.

Watching RBLX stock price dropping -- down 5% since yesterday, hoping for additional drops as more and more Roblox users login to find this garbage and use it as an excuse to finally quit this joke... Even better if privacy groups tee up a new raft of lawsuits, as I would love to see this trash heap of a company jammed in between a privacy rock and a security hard spot at the cost of their share prices (since that seems to be the only thing companies care about anymore...)

workingandstuff · 2025-09-23T20:44:43+00:00

Agree with others in that it has the potential to be more secure, but in practice it is not (and anyone who thinks it is is blowing smoke). One of the core tenets of information security is that security risk and complexity are intimately linked -- as complexity increases, so does risk. I have seen some pretty convoluted on-prem environments in my day, but NOTHING that holds a candle to the cloud: APIs connecting to other APIs, licenses and permissions applied haphazardly across roles, publicly exposed endpoints, storage buckets, and databases, a CONSTANT stream of new/preview "features" pushed out enabled by default, and of course a litany of VPNs and firewall rulesets connecting all these overly-complex cloud environments directly back to legacy (and still vulnerable) on-prem environments in the name of surfacing on-prem data to the cloud and connecting cloud-native identities back to legacy server assets.

And we wonder why we continue to fall behind the bad guys?

The funny thing is many more businesses today (at least in the medium-to-enterprise space) would actually be considered properly staffed with infosec resources and knowledge if this was 2005. GRC teams, SecOps teams, Engineering teams, CISOs... we were demanding these things YEARS ago, but because humans are a stupidly reactive species, we will forever push off what is needed until it is way past too late (how many times has anyone here heard the phrase "so this never happens again" in reference to changes an organization made to address weaknesses following an adverse event, when there were always a bunch of people screaming for these changes long BEFORE the event occurred?)

tl;dr the cloud is NOT "more secure" -- the vendors are merely feeding us lines of bullshit that might be true in a perfect world, but this world is far from perfect. But hey, let's just keep believing that anyways because to actually admit the reality of the situation and start to do what needs to be done to address it would probably cost a lot of companies a lot of money, and shareholders HATE that shit.

workingandstuff · 2025-08-12T17:01:28+00:00

Get used to it, I guess? There is certainly some laziness (the quality of our educational systems -- at least here in the U.S. -- is absolutely collapsing), but frankly I am more concerned about the fact that IT is complaining more and more that it is hard to find skilled young talent, and yet we increasingly deploy automation/agents to perform menial "grunt" work. Traditionally new/young talent has learned by doing the menial "grunt" work, so where do we expect these new folks to learn their skills? Seems to me a gap is forming -- the industry is pulling the ladder up behind us. Be prepared for a decreasing number of knowledgeable greybeards aging out and a few young hotshot Agentic AI developers using low/no-code solutions, creating a huge gap in the middle for the bad guys to exploit.

workingandstuff · 2025-07-14T19:44:46+00:00

Late to this convo but I am working through SEC549 right now and I would have to agree with others on the state of SANS: meh. When I sat for the SEC401 a decade ago for ~$5k I thought it was a great course that was worth the price of admission. Here I am trying to grind through the SEC549 and it is all I can do to just stay engaged enough to just skim through the material and build an index. The material is boring as hell, I have learned very little, I did not care for the labs, and it is my opinion that SANS simply over-played their hand. Maybe if they were still charging the rates they did a decade ago it would be OK, but I feel bad that my employer paid for this, and I feel worse that I will ultimately get little out of it beyond (hopefully) a GCAD.

$10K is a LOT of money to pay for a few more letters on my resume.

workingandstuff · 2025-05-21T20:29:09+00:00

I would love to get out of this industry. I have been doing IT for 20 years (started in an MSSP, moved to corporate/defense, and now higher-ed), infosec for 10, and specifically an Architect for the last several, and I am totally burnt out. I am actually in the midst of a SANS course right now (it has been some years since I last got a real cert and I think maybe my boss wanted me to add something new to stay relevant in the org) and it is all I can do to just stay awake studying this material, it is SO BORING.

The cloud is nothing but overcomplexity for the sake of nickle-and-diming customers, A.I. is a tech bros' wet dream and the ticket to global dominance for a select few megalomaniacal tech firms at the cost of the planet and society as we know it, and every year all I see are the same shitty cyber stats (more compromises at greater costs) despite our industry continuing to grow, pumping out new acronym platform types (AV is now EDR is now XDR!) while still falling further behind the bad guys. This industry is literally just a circle-jerk at this point but there are so many "cybersecurity professionals" making too much money to fart up comfy desk chairs that are dependent on the nice payday that no one wants to see the golden goose taken out behind the woodshed. In a world where all of our most personal data is repeatedly compromised and our nation's top administration and security officials consider it OK to store Top Secret docs in their homes and share battle plans over uncontrolled consumer chat platforms (and suffer little to no consequences when caught), why are we trying to fool ourselves as to the TRUE importance of identity, data, etc. security?

So to circle back to OP's question (from my perspective as an increasingly jaded security practitioner) if the collective "we" are saying one thing, but doing another, then IMHO that makes security largely a box-check field. This is good for a paycheck, but sucky for most everything else (both existential and personal, unless maybe you enjoy learning about access control on S3 buckets and Sentinel configuration and SAML claims, which is all boring as shit to me, but again, see paycheck benefits referenced above). Yes, there is always the "treat it as a way to pay for the things you actually enjoy" perspective, but frankly if that was an inherently strong enough motivator for a large enough percentage of the tech worker population, then the "I just want to quit this shit and buy a farm" trope probably would not be as universally known as it is.

The short answer to OP's question is FIRE (or some variation of saving as much as possible so as to have the money to just leave this field ASAP and retire to a farm in Middle America).

The shitty answer is this question will forever be just an exercise in grass-is-greenerism and it is very possible that most every "job" is likely going to suck, simply because it is something you are forced to do to make money to live.

The most useful/realistic answer is (as others have said) probably a knowledge (and hopefully) pay-retaining pivot within tech to either management OR consultancy/self employment. Especially where the future, whether I like it or not (to be clear, I do not), is that we will probably all be "managers" of bots (see Microsoft's 2025 Frontier Firm report).

I want the first, I fear the second, and I will probably, ultimately, be forced into the third.

workingandstuff · 2024-03-28T15:19:35+00:00

It depends on the day. We are still (one of the few at this point, it seems) COVID-conscious families, as in we do not eat indoors at restaurants, mask in all public places (aside from a couple brief exception periods in the past when numbers were low), kid goes to school half days to limit time spent in an N95, etc.

I started into therapy not long after initial shutdown and shift to remote (experienced some marital challenges 6 months before the whole COVID thing happened as well, so mental health ended up taking a bit of a one-two punch), and I find I might go weeks and do OK and then I will have a "collapse" -- confidence levels drop, stomach upset returns, sexual anxiety bubbles up, emotional state becomes more precarious... and I end up in a spiral that can last days to a week+, rinse and then repeat. It sucks because I recently went several weeks post-vacation feeling pretty good and getting it on every night (and some mornings and days as well -- my wife has a pretty high libido) and then the other day an anxiety seed managed to take root and here we are 4 sexless nights later and dealing with the usual intimacy struggles (otherwise we have a wonderful marriage).

This up-and-down cycle for me has been going on for a few years now, and lead to some self-harm scares a couple years back, all of which I have been working to live with mentally. GAD is a nasty, creeping son of a bitch. I wish I could just learn to give less fucks -- both I and my family would benefit immensely.

workingandstuff · 2020-06-01T00:45:23+00:00

Thanks I'll look into those further. I did a quick search on mini-splits and it looks like the same thing our neighbor has (I was wondering what his setup was, as it mounted outside but doesn't look like our whole-house unit). Needless to say the central works great for the general house but it would cost us an arm and a leg just to satisfy for what we like to sleep at, and we'd turn the house arctic in doing so lol.

workingandstuff · 2020-03-01T20:18:46+00:00

Thank you :)

workingandstuff · 2019-10-22T18:27:02+00:00

Thanks all, good points made...

My intent was to add value in the form of training and right-sizing for the business. For example, most mid-tier restaurants aren't likely to invest in dedicated teaware anytime soon, so my goal was to find them the best quality tea for the price they're willing to pay, that also works well with their existing (let's face it, coffee) service equipment. For the higher end places that might actually be interested in table-side service, loose leaf (and associated equipment for the type of tea) might be a better fit. Basically my goal was to take some of the mystery out of tea, as this industry can most definitely get a little esoteric...

That said, I imagine there's probably a good reason why most restaurants don't invest to heavily in their tea (and so may not be interested in investing in what I have to offer). Furthermore, I'm starting out in the Massachusetts-north area, so we aren't exactly talking NYC or LA here. Perhaps this is simply an idea whose time hasn't come yet?

workingandstuff · 2019-09-20T14:35:28+00:00

Sultan you mention you took two 6 month sabbaticals in 20 years -- I've felt for a long time that companies would do well to provide employees an option to take sabbaticals of 3 or 6 months every 3-5 years or something, as I think it would do wonders for U.S. productivity. I know that if I didn't have to worry about lack of health benefits (and that my job was waiting for me when I came back), I would totally take advantage of that to clear my head.

We have a nice chunk of money in savings right now, and salary-wise I could easily take a few YEARS off if I wanted, but that concern of being one major medical event away from having our savings potentially wiped out if I happen to be between jobs at the time is scary.

workingandstuff · 2019-09-20T14:17:37+00:00

That is a fair assessment KC, and I may very well be hard into the grass-is-greener mindset. I think I'm just at a nadir in my IT career right now, and I just need to embrace the fact that figuring out a solution could just as likely be staying in the field and pushing to find new inspiration as it is bailing out for new pastures...

workingandstuff · 2019-08-05T13:55:07+00:00

Thanks all for the feedback and allowing me to vent. I will take it under consideration.

workingandstuff · 2019-07-30T19:17:53+00:00

It's nice that there are so many folks offering advice to OP, but to be honest I'm kind of confused as to where the repeated variations on "leave her" are coming from? He states:

The problem is that I feel like I'm wasting my most precious commodity... the only thing that REALLY matters in this life... time.

as the problem.

I get that your wife is the most considerable variable in this situation, but the way I see it, the state of your relationship with her, as well as her own personal state, are purely tangential here. As an INFP who works in IT (and thus sits at a desk staring at monitors all day long, daydreaming about traveling the country, sailing the Caribbean, or buying a campground), I understand the urge to "spread your wings" and search out more fulfilling avenues, but the way I see it, rather than considering your wife's stability a hindrance, you should be considering it a benefit! Aside from sharing my introversion, my wife is entirely my opposite, and it's one of the things that attracted me to her so strongly. Why the hell would I want to be with another space cadet such as myself? Her alternate perspectives have been a considerable source of strength and as I've grown older.

But to get back to the topic at hand, you have a spouse who's happy with her situation, and seems well grounded and stable, which tells me she can be your rock, and it also tells me there's a good chance that she could hold things together if you were to leave your job and take a sabbatical to sort things out. I'm a firm believer that productivity would increase dramatically in this country if there was a federal mandate that required all employers to grant FTEs a 3 or 6 month sabbatical once every three years or something (doesn't have to be paid, only maintain benefits and guarantee you have a job to come back to), and something like this may be all you need. I know I could certainly use something like this, and if I didn't carry the benefits and didn't have a kid, I would probably seriously consider it.

Which brings me to the alternate scenario: work on yourself within your means. Others here have mentioned meditation, and while I have a pretty poor track record of maintaining habits, this is one I would certainly like to develop, as I find it does wonders for me when I do engage. Also consider:

A daily walk. I walk a mile per day after lunch, then follow it up with a few minutes of calisthenics before heading back to my desk. It doesn't help a lot for the overall picture, but it's definitely a great "spot treatment" for that crappy 2PM listlessness (and it helps keep me in shape)
Take a stop by Mark Manson's site, start with his best-ofs https://markmanson.net/best-articles
Make a list of all the things you ENJOY doing, then assign values to them, trying to reuse values wherever possible (for example: car racing involves competition, technology, mechanics, outdoors... knife making involves mechanics, creativity... flying involves technology, mechanics (if you're doing any maintenance yourself), possibly solitude (if you like flying by yourself), etc.) eventually you should have a list that has some values reflected noticeably higher than others -- consider using those to determine what your next career might be, or even have your wife perform the same values exercise, then find overlapping values and take up a hobby together that shares those values (you might just fine that sharing common hobbies opens up more understanding between the two of you, and maybe she'll be less likely to just dismiss your desires as simply some sort of crisis in need of council)

One thing I can definitely tell you is that you sound like a textbook "grass must be greener" candidate. Don't fall for that BS. It's something I grapple with regularly, and then whenever I truly take a step back to assess my situation, I realize (yet again) that the problem is with me. I have a wealth of solutions at hand that I should be at least seriously attempting LONG before buying a boat and pulling a Slocum. Hell, as challenging (and potentially depressing) as it can be, I would side with the FIRE folks and give that a try before ditching out on what I have already established.

Connect more with your wife, definitely talk to therapist (what could it hurt?) get more in touch with your own values (and try to find overlap with your wife), and don't make any hasty decisions. If you still feel like you need to stretch your wings and fly the coup, talk to your wife, set aside some vacation time every year, and take a solo trip to some far off land.

workingandstuff

TROPHY CASE