Hacker News

tosser12344321 today at 5:50 PM (7 replies)

I'm a head of security, great career, did engineering into management, made a tidy living doing advanced work as a risk plumber across companies that have been relevant. I've built great teams, met and solved hard IR, delved into the real reaches of vuln research, other neckbeard things, got paid very well along the way. Seen and worked on the APT issues.

More or less, I am the attractive resume, and: the game has changed folks.

For what it is worth, I am taking my ball and going home in about 12 months. I've saved enough, locked in a perma-middle class lifestyle in a great nondescript city, and am swapping over to offensive consulting and an AI-free, non-tech trade that won't take too long to get into - think a PA, nurse, plumber, etc.

I'm not quite old enough and with the end of responsibilities as to FIRE, but I can read the writing on the wall enough to understand an AI-proof FI needs to be locked in before everyone else realizes the same. Many others in sec are feeling this.

I think tech will find security pros willing to throw themselves into the fray for pay and optimism. There are others like me who are extracting their final nuts. There are others who have golden-handcuffed themselves into this ride with their mortgages and private school tuitions. And I'm sure some others will stick it out. There will also be an AI-enabled version of sec eng soon enough.

But if private sector doesn't wake up to AI integrations - internal doc rollouts hoovering up PII that wasn't supposed to be stored there, externally-facing customer support portals social engineered and pivoted into, PRs via Slack comment via marketing hires who are ATO'd - this is going to be a 1990's-style BBQ where 0days on critical systems are dropped at happy hours at conferences nightly.

And: your security teams are going to be burned out, banking up, and quitting. The risk acceptances, the double-speak, the slow-rolling, the half-baked risk thinking for engineering and product leads, the corners cut, the public endpoints opened up just this one time - that's going to be enough rope, and already is enough, to hang yourself in this offensive context that's building now.

It is deeply humorous that SWE and engineering leadership has worked itself into this position via its AI push to unemploy itself while thinking it's the 1x white collar job exempt from automation threats.

All it'll take is another recession like '08, and the leaves get shaken off the trees finally. Thankfully there is only one (wait, there are two probably), thankfully there are only two-to-three (wait, there are like 10) systemic market threats right now.


Replies

01100011 today at 7:00 PM

I totally appreciate this take and have thought something similar but I am old enough to be familiar with the part of my brain responsible for these thoughts and know it has a long track record of being horribly wrong.

Sure, hedge your bets. Get financially secure. But also consider that "nothing ever happens" is usually correct and the world has a way of ensuring things keep going in the direction they have to in order to give stability to the establishment (which we are generally a part of).

burningChrome today at 6:50 PM

This is huge and something I've been hearing a lot of rumblings about.

I just did some quick research:

- ~4.8 million unfilled cybersecurity roles globally as of 2025–2026

- Global workforce ~5.5 million, but ~10.2 million needed to meet demand

Not to mention the growth in the industry has slowed to ~0.1% year over year and you're seeing those shortages are outpacing the current workforce. Add in that the most senior folks like yourself are just noping out and leaving the industry wholesale, and it is troubling and unsettling.

It's not surprising we're seeing an unprecedented level of successful attacks. We simply don't have the resources to keep up with the criminals/hackers out there who are moving significantly faster than the companies they are targeting.

As others have pointed out, I'm not sure how this can get anything other than much worse in the near future.

bottlepalm today at 6:11 PM

I'm starting to think anyone who knows anything about software engineering has a moral obligation to step up and defend against what's coming. I think the world needs us more than ever, this is a critical time that can go one way or the other. We need to use AI to defend and protect ourselves and the ones who can't protect themselves against malevolent AI and its users.

theturtlemoves today at 5:55 PM

> an AI-free, non-tech trade that won't take too long to get into - think a PA, nurse, plumber, etc.

I'm not sure if personal assistant or nurse are going to be AI-free. Plumber, welder, bricklayer, pest exterminator, sure. Don't underestimate the downsides of physical labor, though. Low pay and backbreaking.

What writing on the wall? If anything, I think you'll be more needed, not less, in times to come.

chasd00 today at 7:09 PM

I've been saying there's going to be some interesting "computer glitches" in the news over the next few years. We've already had one where someone convinced an AI to sell them airline tickets for $1. I expect many more strange bugs, some being very bad, in the future.

rtdq today at 6:26 PM

There are two polar opposite vibes in this comment section: one guy above is calling FOMO, we should all get into the security trade, and yours is FUD.

I hope this all lands somewhere in the middle but honestly who knows at this point.

mihaaly today at 7:22 PM

Feels like there was a World War started on a smaller spark than some of those in the OP, in a tense world. And this world is tense again, very tense.