I saw an assertion on Slashdot today that Millennials aren’t interested in information security, in spite of the average salary in the field being six figures. I’m not sure I agree with the article’s assertion that 24% of those polled being interested translates into disinterest, though. How many of them are interested in other white-collar professions, like medicine or accounting or law?
I also disagree with the article’s definition of information security. The article asserts that information security is working for “The Man,” namely, the government, and information security isn’t just for governments anymore.
In fact, many businesses are considering the government an adversary now, in addition to its traditional role as a regulator. So any large public company needs information security professionals to ensure they are complying with Sarbanes-Oxley and, perhaps, other industry-specific regulations and to at least pay lip service to keeping the NSA out of the company’s business.
Keeping the NSA out right now is probably a losing battle, but someday it may be feasible again. Businesses need information security professionals so they know what’s the best they can do right now, as well as next year.
The nice thing about information security is that a company of any reasonable size needs it. For several years, I worked on computer systems that either gave orders to airplanes, or sat on the airplanes themselves. It allowed me to work in the aviation industry without knowing a thing about aerospace engineering. I like aviation, so there was a lot to like about that series of jobs.
Today I work in the medical field without being a doctor. By bizarre coincidence, I work within walking distance of where Dad started his medical practice.
It’s also a growing field. I keep hearing estimates of 20% year over year growth for at least the next five years.
So the pay is good, the field is growing for the foreseeable future, and you have a chance to work for a company that interests you, not just whatever company happens to be hiring at the moment.
But I think the other thing is age. Most Millennials are still very young and still figuring a lot of things out. When I was fresh out of college, I wasn’t sure if I wanted to be Mike Royko or Denny Atkin, but that was the direction I thought I was headed. I took jobs fixing computers and administering networks because I decided becoming the next Denny Atkin was more realistic. Very few people know this, but when I was 29 I applied for a job as a magazine editor. A year or two later I stumbled across this fledgling field called information security, more and more information security roles fell to me by default, and I accidentally became a security professional.
I’ve moved around a lot in my career, but that’s nothing compared to how much the typical computer journalist moves around, thanks to the computer and journalism industries changing so much. If one isn’t tossing you about, the other probably is.
If I were 15 years younger, I’d be mildly interested in information security, but I don’t think it would be at the top of my list either. Then again, I’m not sure that’s a problem, given that it’s a role that most people have to grow into anyway.