Best mid/long-term career: security vs big data

yzT

For the past five years I've been into the security world. I have learned many things, from technical to management. Got a Sec+, a Bachelor's and a Master's, and have worked as security engineer for some time. However, lately I've been thinking whether or not this is a profitable path for mid or long-term careers.

Nowadays, both fields are the hottest in IT, but increasingly I'm seeing big data related positions to be more beneficial for the future. We are used to see different positions such as sysadmin and security engineer, but in the coming years such difference will no longer exists. People is getting trained now in security, both from systems and from programming point of view. So in the future, there won't be a need for security professionals as there is right now, because software people will know how to securely design and develop applications, and sysadmins will have enough knowledge to handle security incidents and to assess the security of the infrastructure. SMBs are relying on third parties to run their services, so according to the above said, positions such as pentesting will also disappear as the sysadmins of that third party will know what to do. With all police departments and countries developing cyber security programs, even forensics applied to legal issues as we know it nowadays are doomed, because it will be the police the ones to carry out the analysis and not an authorized third-party.

For the other hand, every business runs thanks to data, and this is just going to increase till the end of time. Heck, even security firms are moving to big data to provide threat detection services.

What's your opinion about this matter? For now I'm still on security, but closely keeping an eye on how data analysis jobs evolve.

NetworkNewb

Sounds like someone could've made this type of argument 20 years ago...

JoJoCal19

For me, when I look at future potential and job security, I ask one question. "Can this work be offshored to India or given to a bunch of folks who come here on H1B visas?" (See Disney World recently). And when I think of the one thing that is the least likely, its security. I just can't see companies doing that with their security. On the other hand, why couldn't they easily outsource Big Data responsibilities?

Cyberscum

Security ==> MSP/Cloud
Big Data ==> MSP/Cloud


Artificial intel seems to have a bright future

E Double U

JoJoCal19 wrote: »

And when I think of the one thing that is the least likely, its security. I just can't see companies doing that with their security.

Depends on the security function. My previous employer, a telco, cut half of our SOC and sent the work to India.

Cyberscum

JoJoCal19 wrote: »

For me, when I look at future potential and job security, I ask one question. "Can this work be offshored to India or given to a bunch of folks who come here on H1B visas?" (See Disney World recently). And when I think of the one thing that is the least likely, its security. I just can't see companies doing that with their security. On the other hand, why couldn't they easily outsource Big Data responsibilities?

I see more and more SMB and local businesses switching to MSP for security/IA functions. I also see a lot more discussions about migrating classified services to the cloud, which was taboo to even speak about a couple of years ago.

The driving factor for these discussions in the gov is the convenience of centralized compliance. Patch management, AV, scanning, vul management, user auditing etc...

From their perspective; having oversight of security for the entire domain from one centralized location seems like a good idea.

renacido

yzT wrote: »

Nowadays, both fields are the hottest in IT, but increasingly I'm seeing big data related positions to be more beneficial for the future. We are used to see different positions such as sysadmin and security engineer, but in the coming years such difference will no longer exists. People is getting trained now in security, both from systems and from programming point of view. So in the future, there won't be a need for security professionals as there is right now, because software people will know how to securely design and develop applications, and sysadmins will have enough knowledge to handle security incidents and to assess the security of the infrastructure. SMBs are relying on third parties to run their services, so according to the above said, positions such as pentesting will also disappear as the sysadmins of that third party will know what to do. With all police departments and countries developing cyber security programs, even forensics applied to legal issues as we know it nowadays are doomed, because it will be the police the ones to carry out the analysis and not an authorized third-party.

I pretty much disagree with everything you've said here. It's like saying that every kid who graduates from med school will soon be able to do neurosurgery in the morning, treat cancer patients after lunch, and finish the day in the lab testing a new antibiotic.

I file the "security jobs going away due to automation/absorption into mainstream knowledge" beside the "IPS/AV/patches don't matter anymore" stuff that security product vendors have been spouting for years. It's nothing but bullcrap meant to fool CIOs/CISOs into spending their budgets on their latest high-markup shiny objects, and they know that step one of their sales process is to devalue everything that said CIO/CISO is currently using their budget for. Humbug! Let's come back in 2020 and see who was right.

NetworkNewb

Cyberscum wrote: »

Artificial intel seems to have a bright future

Yeah, but then the things you work on are just going to be smarter than you and will just take your job in the end...

Cyberscum

NetworkNewb wrote: »

Yeah, but then the things you work on are just going to be smarter than you and will just take your job in the end...

hahaha, this made me laugh. Why does it seem that most IT guys are all doom and gloom.

JoJoCal19

E Double U wrote: »

Depends on the security function. My previous employer, a telco, cut half of our SOC and sent the work to India.

Even though I disagree with any offshoring of security functions, low-level SOC analyst work is about the one thing I can see being offshored, but then that's why I've stayed away from that type of work. I went from IAM work (which was under constant threat of being outsourced and/or offshored, to GRC work, and now I've made the transition to high level engineer work. Now I just need to pick something to specialize and deep dive in, maybe something niche.

Cyberscum wrote: »

I see more and more SMB and local businesses switching to MSP for security/IA functions. I also see a lot more discussions about migrating classified services to the cloud, which was taboo to even speak about a couple of years ago.

The driving factor for these discussions in the gov is the convenience of centralized compliance. Patch management, AV, scanning, vul management, user auditing etc...

From their perspective; having oversight of security for the entire domain from one centralized location seems like a good idea.

SMBs (heck even some large companies) outsourcing security functions to an MSP is nothing new, and even then there's still jobs for us at the MSP providing those services. I'm talking about offshoring to India. At least with an MSP those jobs are still here for us to get. But I do agree on the cloud becoming more prominent in security. I'm already seeing it with some of the solutions and products that I am evaluating for our company with them being offered in SaaS form.

the_Grinch

For lower level security related work, you will see it outsourced, but as far as incident response and forensics I think you're safe. Big Data is very buzz worthy right now, but take it from me....there aren't a ton of resources to help you out. The big data industry is my opinion barely born at this point in time. Nobody knows what it does, how to use it, or how to truly set it up. I have a Hadoop cluster up and running right now and I can tell you that everything is a battle. Nothing works the way the guides or even the software says it should. Everyday, in all honesty, is a nightmare.

Also, there is really no money in being the guy who sets it up or keeps it running. So if you do go the big data route you need to be the one making sense of all the information. So ramp of your statistical skills, learn to develop, and then look into big data if you feel that is your way to the future.

yzT

the_Grinch wrote: »

Also, there is really no money in being the guy who sets it up or keeps it running. So if you do go the big data route you need to be the one making sense of all the information. So ramp of your statistical skills, learn to develop, and then look into big data if you feel that is your way to the future.

yeah, when I said big data I meant to be the one who make decisions. The cluster is handled just for another sysadmin.