Skip to main content

To the class of 2024.

It's my honor today to deliver the commencement address for this incredible student body. The class of 2024 is like no other in the short history of our nascent profession. As you enter the workforce full of hopes and ideas, we will watch you from the sidelines, anxiously waiting to utter the timeless advice "I told you so" as you hit the unsurmountable obstacles of the corporate world.

Class of 2024, you are entering a cybersecurity world that can only be described as a shit show. You will be underpaid, overworked, laid off, not taken seriously, seen as a nuisance and a roadblock, only to look around and realize that you're getting paid $80k/year while the moron who runs the show is making $500k to go to RSAC and post on LinkedIn.

You won't get any support from the organization in the form of mentorship, training, tools, or flexibility. But you will persevere! Not because of your indomitable spirit, no. You will persevere because you need to eat and no one else is hiring. You've been lied to by pretty much everyone. You've been told that you can "become a penetration tester with zero experience in five steps." You've been told that a 30-week bootcamp would turn you into a blue team ninja, and all you've learned is how to spell SOC. You've been told that a CISSP would open all kinds of doors and help you land that high-paying job with a MFAAANGD company. Despite all that, you hustled. You went into crippling debt and did it anyway because you want a better future.

Graduates, you will enter a very competitive environment. An environment where all the players want to undermine you, backstab you, throw you under the bus, and sabotage you every step of the way if you don't make your betters look good. You are entering this profession at a time where organizations big and small have realized that they don't need to spend any money on cybersecurity because the consequences of poor cybersecurity are virtually nonexistent: it's cheaper to say "Oops! Here's a voucher for identity monitoring with a company that will also leak and/or sell your personal data" when something happens than it is to run a proper cybersecurity program. Class of 2024: LMAO. You're fucked.

Rest assured, though: some of you will get to enjoy the benefits of the corporate world! Some of you will make a career out of going to every single cybersecurity conference there is. Some of you will get to attend exclusive vendor parties. Some of you will be wined and dined by some security-adjacent AI peddler. And, if you're really well-connected, I mean, "deserving", you'll develop a cocaine habit that will be sustained exclusively by some business development managers. Make no mistake, though: if that's not in the cards for you, you should know it by now. This is a meritocracy after all. In the quoted-to-the-point-of-becoming-a-cliché words of the late Steve Jobs: "Stay foolish." This thing doesn't work if you don't stay foolish enough to believe the bullshit.

It's not all bad news, class of '24. If you're really into this cybersecurity thing, you will find community in the most unexpected places like some weird blog's discord server. You will meet like-minded folks just like you who want to share the knowledge and make things better, and I urge you, class of 2024, to hold on to that community and commit yourself to the cause of "making shit less fucky" for you and your peers. Every little bit helps, so engage and spread the word.

So get out there and cause a scene. Make a ruckus. Rock the boat. Your future is bright. But it can turn real dark real fast if you don't pay attention and don't fight back.