
Cyber security careers and the 21st century problem

th4ts3cur1ty.company - Meet The Team - Ross
Written by Ross Eastman
December 23, 2024
I’ll tell you a secret. I’ve not had a promotion in 10 years. Ok this is a lie; actually, I’ve not been promoted without leaving a company. Any upward rung climbing, in the great tradition of the cyber security careers ladder, has only occurred by leaving one company and seeking a more senior role in a new company.

In this blog, I’ll explore and explain the “why” of this, including drawing on my own experiences. I’ll also investigate the wider issue which is experienced by many people in technical roles – “where do I go from here?”.

Naturally, as an Infrastructure(?) Engineer, this post will have a strong bias in that direction. However, with colleagues and friends in other similar technical roles I recognise that this really is a 21st century problem, as a lot of the discussion points in this post also apply to them.

Me, me, me

My current job title is Lead Engineer. I’ve discussed in previous posts how I feel about job titles – especially in the “Software” and “Infrastructure” landscape – so I won’t rehash this, except to say that I don’t feel they’re terribly important.

I started my career as a Musician(ish), by which I mean this is my only formal training, and my highest achieved level of education (apart from the University of Life, amirite?). I then joined a “Full Stack” (more guffaws and comments on that at a later date!) developer training programme. A truly visionary programme of education masterminded and run by Mayden Ltd, intended to pay people to become the developers they were struggling to recruit. I got into this programme on the strength of being a nerd.

I’ve always been a nerd. I wear nerdism with pride, and love spending time in environments where there’s a shit load to learn. This is something which I feel is a prerequisite of doing … this. Tech moves fast, Cyber Security faster. If you don’t like learning, you will at best stagnate, and at worst find yourself unemployed.

Later, I realised that programming wasn’t quite what I was best cut out for. So I followed my passion for Linux and the Operations part of DevOps, and became what we called at the time a SysAdmin (or as I like to call them, “SadMins”).

Growth in Cyber Security careers

After being allowed to make a sideways move into “using Linux as a job”, I quickly rose to the rank of… well I didn’t. We didn’t go in for “grades” of SysAdmin; we knew where our strengths were as a team, worked to fill gaps in team expertise, and all considered ourselves “T shaped” employees. I still do.

I then worked at a further two firms as various flavours of engineer (Site Reliability, DevOps – all the flavours of the month), bringing us to my role at TSC. Here, my experience warranted the title “Lead Engineer”. Apart from being very flattering, this made me realise that within my little corner of techdom, I was at the top of non-managerial/technical roles (in terms of hierarchical title). I then had to ask myself the question, “what next?”.

So…what next?

Upon examining my situation, I noted 2 things:

  1. I had been “growing” this whole time. Look at me Ma, I’m Lead Engineer!
  2. This is what modern technical careers look like.


If an individual is not interested in management progression (i.e. managing people, processes or projects) they can absolutely become “Lead” or “Senior” in their chosen niche within 5 years of starting their career. I mean, I didn’t, but I don’t do anything in a straightforward manner, and even left the industry for a minute to brew beer (but that’s a story for another time).

Fortunately perhaps for me, I am interested in management roles in the future. But what if I wasn’t? Would I stay in this role, on this salary till the end of time? How could I convince companies that I was worth more to them than the day I joined without jumping through the “normal” next-rung type promotion hoops that other careers “benefit” from?

The answer, I believe, is surprisingly simple.

Howl’s Moving Goalposts

In technical industries, as alluded to earlier, one must become a lifelong learner. Technologies change – occasionally even for the better – and knowing how to leverage new (and sometimes old) techniques to achieve business goals is the crux of what we do. In effect, this is what powers our progression in our cyber security careers.

I think of it like this: if my first language had been BASIC, and I never learnt how to leverage anything more modern to address business needs, my career would have flatlined. If one wishes to remain technical, it is important to remain current. If one wants to keep increasing their salary, it is even more critical that one enters into salary reviews with evidence of how things they have learned offer value in solving business requirements, and increase their value to the company in doing so.

A dishonest BOFH would have once done this by forcefully inserting arcane “invented here” technologies and processes into a business, and then relying on the fact that they had become the only available domain expert in the field to drive up their salaries (and ensure their job security). Hopefully we’re past this now as an industry, but it was very common practice for a while. Gatekeeping is still a very real problem in technology; find me a K8s tutorial which describes in plain language how to approach applying this technology to a business need.

Cyber Security careers: the endgame

In conclusion, no matter your role in technical industries, I believe this is a solid set of working principles:

  1. Keep learning.
  2. Evidence the value that your new knowledge brings to your workplace.
  3. Explain that additional value to the money people.
  4. Politely state that you’re worth more money now than you were last year (this IS promotion, even if it comes without a new title.)
  5. Work out the rest of the mnemonic which makes these points spell KEEPGROWING.
  6. ????
  7. Profit.


This article is written by

Ross Eastman

Lead Engineer

Lead Engineer and technophile with a background as a Software Developer. Loves all things Linux and infrastructure.

Interests: Music (BA, he’ll have you know!), cars and eating good food. Favourite film: Withnail and I. Fun fact: can ride a unicycle.