The key roles we have in mind are a bit closer to what is sometimes called “security officer,” i.e. someone who can think through (novel, GCR-focused) threat models, plausibly involving targeted state-based attacks, develop partly-custom system and software solutions that are a match to those threat models, think through and gather user feedback about tradeoffs between convenience and security of those solutions, develop and perhaps deliver appropriate training for those users, etc. Some of this might include things like “protect some unusual configuration of AWS services,” but I imagine that might also be something that the security officer is able to outsource. We’ve tried working with a few security consultants, and it hasn’t met our needs so far.
Projects like “develop novel cryptographic methods” might also be useful in some cases — see my bullet points on research (rather than implementation) applications of security expertise in the context of AI — but they aren’t the modal use-case we’re thinking of.
But also, we haven’t studied this potential career path to the level of depth that (e.g.) 80,000 Hours typically does when developing a career profile, so we have more uncertainty about many of the details here even than is typically represented in an 80,000 Hours career profile.
The key roles we have in mind are a bit closer to what is sometimes called “security officer,” i.e. someone who can think through (novel, GCR-focused) threat models, plausibly involving targeted state-based attacks, develop partly-custom system and software solutions that are a match to those threat models, think through and gather user feedback about tradeoffs between convenience and security of those solutions, develop and perhaps deliver appropriate training for those users, etc. Some of this might include things like “protect some unusual configuration of AWS services,” but I imagine that might also be something that the security officer is able to outsource. We’ve tried working with a few security consultants, and it hasn’t met our needs so far.
Projects like “develop novel cryptographic methods” might also be useful in some cases — see my bullet points on research (rather than implementation) applications of security expertise in the context of AI — but they aren’t the modal use-case we’re thinking of.
But also, we haven’t studied this potential career path to the level of depth that (e.g.) 80,000 Hours typically does when developing a career profile, so we have more uncertainty about many of the details here even than is typically represented in an 80,000 Hours career profile.