Comment by raesene9 13 hours ago

I wouldn't be surprised by a drop in security postings. Quite a few companies view security as an "overhead" so the siren call of reducing that overhead by introducing AI is a thing.

Also, for a lot of jobs in security it's pretty hard to measure how well it's being done, so if the AI-based solutions are worse, that might not show up for a while.

mattlutze 11 hours ago

We also need to consider the confounding effect of corporate performance and recession expectations.

Cost centers in businesses are early canaries of expected pain, and a reduction in security roles may reflect belt-tightening irrespective of AI impact.

monero-xmr 12 hours ago

Security products and practitioners are the classic snake oil salesmen. They are actually sales and marketing roles for help closing deals by emphasizing some security aspect. True security comes from general IT practices followed by engineers themselves.

  • pixl97 11 hours ago

    > True security comes from general IT practices followed by engineers themselves.

    Thank goodness engineers pop up out of the ground fully trained on good general IT practices....

  • ACCount37 12 hours ago

    I would be wary of making categorical claims like this, but it's unfortunately true that the "security" field hasn't been doing well in a long, long time now.

    Half the field is B2B "magic bullet" solutions like CrowdStrike and all the associated sales tactics - with pitches that boil down to "you give us money, we make your security issues go away". Half of what remains is mandatory certifications and other flavors of checklist-obsessed cargo cultists - often CYA-driven, often demanding the adoption of the fancy acronym of the day, regardless of the real threat profiles. Then you get the "security snake oil" - "magic bullet" systems that don't work, never did and never will, but are supported by the right influence groups and get the right pockets lined, and so are used anyway. DRM systems like WideVine and PlayReady being the prime examples. Then there are the corporate "security of our business model" shills - who pay lip service to "security", but have the true aims of "prevent anyone we don't like from doing anything that can harm our revenue streams" - with Apple being a common example.

    And about a fifth of the field is people who do actual security work, and keep the sky from falling.

    • Spooky23 11 hours ago

      I agree with you totally, although I'd venture to guess 20% is way too high. I'd say you have about 10% people doing security work, 15% doing compliance, and the rest are consuming oxygen.

      It's a growth field, so you have lots of idiots getting certifications and stupid jobs. Reminds me of the 90s when I started, and companies were paying MCSEs (i.e. read a book, hit next-next-finish in Windows NT) more than software engineers in some markets.

  • Ekaros 9 hours ago

    As the security guy, I get the feeling that on average engineers are not exactly great at general IT practices. Or even doing basic things.

  • 99954bb63ccc 11 hours ago

    > True security comes from general IT practices followed by engineers themselves

    Sounds exactly like something the average security practitioner would say...

    `not_sure_if.jpg`

  • Yoric 12 hours ago

    How does this affect hiring of security engineers?

  • brendoelfrendo 11 hours ago

    > True security comes from general IT practices followed by engineers themselves.

    I have yet to meet an org whose engineers care about security, or who would not compromise security if secure practices got in the way of shipping a product or feature.

  • pwlm 11 hours ago

    I'm a bit amazed you consistently get downvoted while you seem to speak the truth. So much gray in your comments.

    • hurrckplgbd 10 hours ago

      I consistently see this commenter making a single comment, of questionable relevance, expressing a strong opinion which isn't particularly thoughtful or interesting or true. Then they ignore the pushback and move on to the next thread, where they post another tangential hot take. I'm not at all surprised at the result. Those comments attract a lot of downvotes because they aren't very good.

      This thread is a microcosm of that. They went on a tangent from a tangent to express how little they think of their colleagues working in security. It wasn't out of curiosity, it didn't raise interesting questions or provoke interesting debate. They didn't defend or substantiate their opinion so that they and we could learn something from it. It was just a drive-by flamebait to stir the pot and express derision. It should be downvoted; it's a bad comment.

      Perhaps that pattern is difficult to see when their hot takes align with your own takes.

      • pwlm 9 hours ago

        A microcosm indeed.

        I didn't write my comment to applaud them.

        • hurrckplgbd 8 hours ago

          I don't understand what "you seem to speak the truth" means if it isn't an endorsement?

      • monero-xmr 8 hours ago

        I post my view that is against the HN hive mind and don't always feel like rebutting the same hive mind talking points again and again. I like to post to prove there is an alternative view out there.

zingababba 13 hours ago

People are sleeping on AI in sec, lots of lazy sec engs and architects going to be SoL sooner rather than later.

  • Ekaros 9 hours ago

    I could easily see those just running a tool and then printing a report being replaced by a script running the tool, passing the results to an LLM, and then sending the report.

    And probably more useless architects.