My background: I spent about 6 years building security products in 3 companies (from the point of view of a software developer, mainly. This is different, and in many ways “inferior” to your experience, even if it is longer). Software security is also a very common occupation in my social group (and in my ecosystem (Israel)).
My impression is that almost the entire software industry is busy helping companies put a checkbox that they “have this security feature” and adds little to actual security.
In one “company” I worked for, this wasn’t the situation, it was actually very serious and actually aiming to be incredibly secure, but I prefer not talking about it publicly.
I think that someone like you would be really valuable for a company like Anthropic to get ACTUAL SECURITY rather than hiring some person with lots of credentials. If this domain attracts you (and it is only the culture that you hate), I’d like to encourage you to go ahead and do it right. Perhaps you could even build (or find and join?) a community of people trying to do actual security instead of waving around diplomas.
I have personally had too much of this nonsense and intend to never go working on security stuff again.
My background: I spent about 6 years building security products in 3 companies (from the point of view of a software developer, mainly. This is different, and in many ways “inferior” to your experience, even if it is longer). Software security is also a very common occupation in my social group (and in my ecosystem (Israel)).
My impression is that almost the entire software industry is busy helping companies put a checkbox that they “have this security feature” and adds little to actual security.
In one “company” I worked for, this wasn’t the situation, it was actually very serious and actually aiming to be incredibly secure, but I prefer not talking about it publicly.
I think that someone like you would be really valuable for a company like Anthropic to get ACTUAL SECURITY rather than hiring some person with lots of credentials. If this domain attracts you (and it is only the culture that you hate), I’d like to encourage you to go ahead and do it right. Perhaps you could even build (or find and join?) a community of people trying to do actual security instead of waving around diplomas.
I have personally had too much of this nonsense and intend to never go working on security stuff again.
Thanks for your response! I am leaving InfoSec for now as well.