Also decline in Security engineer by 0.35% doesn't make sense by conventional wisdom. Shouldn't it be increasing due to increased demand for security in all ai integrations?
I wouldn't be surprised by a drop in security postings. Quite a few companies view security as an "overhead" so the siren call of reducing that overhead by introducing AI is a thing.
Also for a lot of jobs in security it's pretty hard to measure how well it's being done, so if the AI based solutions are worse, that might not show up for a while
> for a lot of jobs in security it's pretty hard to measure how well it's being done
Nothing going wrong: “What are we paying you for?”
Everything going wrong: “What are we paying you for?”
It’s a no-win situation unless you manage to score a division manager who understands security and understands the reports a good security division produces. And most importantly, understands that no news is good news.
We also need to consider the confounding effect of corporate performance and recession expectations.
Cost centers in businesses are early canaries of expected pain, and a reduction in security roles may reflect belt-tightening irrespective of AI impact.
Security products and practitioners are the classic snake oil salesmen. They are actually sales and marketing roles for help closing deals by emphasizing some security aspect. True security comes from general IT practices followed by engineers themselves.
I would be wary of making categorical claims like this, but it's unfortunately true that "security" field hasn't been doing well in a long, long time now.
Half the field is B2B "magic bullet" solutions like CrowdStrike and all the associated sales tactics - with pitches that boil down to "you give us money, we make your security issues go away". Half of what remains is mandatory certifications and other flavors of checklist-obsessed cargo cultists - often CYA-driven, often demanding the adoption of the fancy acronym of the day, regardless of the real threat profiles. Then you get the "security snake oil" - "magic bullet" systems that don't work, never did and never will, but are supported by the right influence groups and get the right pockets lined, and so are used anyway. DRM systems like WideVine and PlayReady being the prime examples. Then there are the corporate "security of our business model" shills - who pay lip service to "security", but have the true aims of "prevent anyone we don't like from doing anything that can harm our revenue streams" - with Apple being a common example.
And about a fifth of the field is people who do actual security work, and keep the sky from falling.
I agree with you totally, although I'd venture to guess 20% is way too high. I'd say you have about 10% people doing security work, 15% doing compliance, and the rest are consuming oxygen.
It's a growth field, so you have lots of idiots getting certifications and stupid jobs. Reminds me of the 90s when I started, and companies were paying MCSE's (ie read a book, hit next-next-finish in Windows NT) more than software engineers in some markets.
> True security comes from general IT practices followed by engineers themselves.
I have yet to meet an org whose engineers care about security, or who would not compromise security if secure practices got in the way of shipping a product or feature.
I consistently see this commenter making a single comment, of questionable relevance, expressing a strong opinion which isn't particularly thoughtful or interesting or true. Then they ignore the pushback and move on to the next thread, where they post another tangential hot take. I'm not at all surprised at the result. Those comments attract a lot of downvote because they aren't very good.
This thread is a microcosm of that. They went on a tangent from a tangent to express how little they think of their colleagues working in security. It wasn't out of curiosity, it didn't raise interesting questions or provoke interesting debate. They didn't defend or substantiate their opinion so that they and we could learn something from it. It was just a drive-by flamebait to stir the pot and express derision. It should be downvoted; it's a bad comment.
Perhaps that pattern is difficult to see when their hot takes align with your own takes.
On the continuum of approval, where at one end there is endorsement and at the other disapproval, it's somewhere in-between. Even I who made the observation don't know exactly where. Sometimes something jumps out at me and I don't yet why.
It could be an incorrect observation. Some of what they said seems true, some false. I don't know enough about security specifically to say. I know a lot about other things to know he said some things that are true.
It's astonishment at perhaps some kind of law of the universe that things that seem one way may be a different way.
It's an exclamation at the poetic irony of someone expressing there's gray area in some things gets downvoted and their comments are in gray colour.
It's a way to introduce myself, to say hi Mr Monero user, and pass a super secret note.
I meant no disrespect.
Perhaps my reply here is astonishment at how interpretation of words may depend on imagination. As if words alone aren't enough.
I post my view that is against the HN hive mind and don't always feel like rebutting the same hive mind talking points again and again. I like to post to prove there is an alternative view out there
I'm also guilty of what they accuse you of. Sometimes my internet comments are not made for the purpose of sparking discussion, but more of a "vent" where I know my take is not popular but I feel the need to throw it out there anyway. The comment is more for "me" than anyone else. And, yeah.. that makes it a bad comment lol.
I also just love playing devil's advocate, and I'm adverse to hivemindy-feeling opinions (even when I share them). Maybe this all describes you, too.
I don't have a problem with people doing that as long as they don't pretend that every other commenter holds the same contrary opinion and that the downvotes indicate they're too sensitive to discuss such things, or other similar rationalizations. If you want to leave some drive-by snark without rationalizing it as being about other people, it's not my favorite kind of comment but I'm not going to object to it either.
The downvoting functionality here and in other forums can mean many things. It isn't a precise thing. If it is precise I'm not finding a clear definition. It can mean I disagree, this is boring, this is false, this made me sad, I don't like reading this, I don't like this user, I'm tired, etc.
One plausible interpretation of a downvote without a comment is drive-by snark without rationalizing.
I don't know your motivations but I know the "HN hive mind" isn't the problem. When you do engage with people who disagree with you, it usually becomes evident to me that there isn't much substance behind your views and that you struggle to disagree amicably. I also see lots of people on HN with a similar perspective to yours who don't have the same problems or engage in the same patterns of behavior.
The facts are that HN has a diverse set of perspectives with many conservative/libertarian commenters who would align with you, but that your comments are frequently shallow flamebait. Though I have seen a couple good points you've made, as well. Do with that information what you will.
I disagree entirely, I don’t even post very frequently so it’s surprising I have someone tracking my posts. The shorter a comment the better it is, if the same opinion that takes an essay can be distilled into a sentence
My first comment on this whole thread was how security in tech is theater, and the sellers mostly snake oil salesmen. I’m not the first to make this observation and I don’t think it’s wrong. Which is why employment in the sector is down, full circle to the OP
Go ahead, take that slim, speculative, tangential connection and interpret it as permission to inject your hot take into the discussion. Decline to elaborate when your supposition is challenged. You've every right to do that.
Just don't pretend that it's for our benefit or that we downvote it because we're unthinking drones, or that you decline to elaborate because we're simply not capable of having the discussion.
I tell you this because if I were insulating myself inside a bubble and rationalizing my interactions with those who disagree with me as being the reflexive behavior of a hive mind, I would hope someone would point that out to me. So here it is; again, do with the opportunity what you will.
This website is full of unthinking drones acting with hive mind behavior, that is my contention, and I think very differently, not just on here but with almost everyone I engage with. However I succeed over and over with asymmetric bets on a wide variety of things, including and especially tech and making money in tech, so if we compare bank accounts and career trajectories, investments, etc. it would be wise to let me speak
Overweighing people's opinions on matters they demonstrate a shallow engagement with on account of their success in other areas is cargo culting. Maybe you should worry less about HN and more about your own reflexes to accept bad ideas from yourself and others based on their wealth. Maybe succeeding in contrarian bets doesn't make you "correct" in some moral sense, but only successful in the trade.
It's easy for me to believe you're an intelligent person who's accomplished impressive things. But it wouldn't contradict anything I've said.
I own a software business with hundreds of employees I built from nothing. I know all about tech security, hiring security guys, etc. It is a cost center, the directors / VPs / CSOs are overpaid salesmen, 99% of the products you want are features from cloud vendors or provided by standard tools like device management or password managers. I totally get the patina desired by large corporations who need to show wall street they care about security. When I box check I use a super cheap cut rate firm who can check boxes for me at the lowest cost because it is total bullshit. I'm sorry this is the reality
It's understandable to have sour grapes after having some bad experiences, but what I'm hearing is unrelated to any impact AI is having on the job market. You're talking about security products you think are snake oil and executives you think are overpaid; that is unrelated to trends in job postings for security professionals, working at software companies, and how that might be impacted from AI.
This is what I've been saying. You've got some random grievance, you want to take this discussion as an opportunity to get it off your chest. But you don't want to engage with people challenging your ideas. And when for whatever reason you do explain yourself to me, your explanation is "I am wealthy and successful, so I must be right. Those who disagree with me are an undifferentiated mass of imbeciles that I have nothing to learn from."
If that's how you want to live, it's your right. You're only cheating yourself, so maybe I'll just shut up and let you get on with it.
> Just don't pretend that it's for our benefit or that we downvote it because we're unthinking drones
The reason many comments are downvoted on HN in general is most often unknown to me. One interpretation is that it's a major flaw in HN.
This design decision by HN could be intentional, as a trade-off to achieve something else. For example, it could be done to have high velocity of discussion. High velocity could preserve an invariant of keeping or pulling users on the site.
If it's a trade-off, which would suggest something is given up for it, it might be worth exploring what's given up.
I could easily see those just running tool and then printing report being replaced by script running the tool and passing results to LLM and then sending report.
From what I can see, being closer than the average engineer to the space (but not an expert on my own), a few things are happening:
* Engineers are being pushed for ownership of security more directly. You still need someone on the team to guide and support them, but they're not going to be directly involved all of the time.
* Significant amounts of automation and centralized security. Supply chain management is a double edge sword. It does open up vulnerabilities, but you can simply pay one of the SaaS companies in the space to help with a lot of the heavy lifting.
Bold of you to assume there is any demand for security in AI integrations. It's like 90s web browsers, everyone's running random MCP servers that do god knows what.
I think it's because companies are moving away from in-house security and hiring 3rd party companies for security work. It also depends on the time of year this was taken. Q4 is the busiest time for security. Q1 is the slowest.
I'm a security consultant and work with multiple companies that provide security services. Work has increased massively in the last year.
