Cyber Sam Wants You.

Before I say anything, let me say something: I am truly #blessed to be employed by a money laundering operation because there's absolutely no way in fuck that this corporation can be profitable simply doing what they say they do. I am #blessed because there is no shortage of inspiration for a shitty blog when you work with buffoons and for a clown. And I wish I could be either of those things. Buffoonery and clowning do pay well. However, if you're in cYbEr, and you're unemployed right now, you're fucked. Companies have discovered a simple trick job searchers hate: they don't really have to hire anyone.

You see, hiring people and paying them a salary is some expensive shit. If you're in the business of making money, you don't want to do things that are going to reduce the amount of money going into the big boss' pocket. Secret apartments Garçonières need upkeep, cocaine is expensive, and that dead sex worker will not dispose of her body herself. If you're a smart (in a sense) CISO, your line of thinking might go a little like this after you stop posturing on Twitter for a minute: If the cost of dealing with the fallout of a breach or any kind of undesirable security event is less than the cost of preventing said breach or undesirable security event, don't do it. If all you need to do after your company gets ravished by people light-years ahead of you in technical capabilities and professionalism is to pay a fine and send some letters, why bother? Let's say a moderately competent infosec team goes for $10/year (one can dream). If your incident response efforts average out to $6/year...

Smart meme guy

But! But! Reputational Impact something something!

LOL. Okay, sport. Go around and ask what happened to companies that got their shit rocked. I'm talking about corporations, not your mom's Etsy storefront. Nothing. Corporations mishandle their data all the fucking time, they don't care one iota about your data, and there are no significant consequences. If there were, CISOs would have to do their actual jobs, and we can't have that. We need to keep things as they are: cybersecurity theater run by mediocre men. And god forbid some broad who actually knows their shit says something uncouth like "if someone clicking a thing on the thing-clicking machine leads to security failure, they are not the foolish one."

But! But! Something about regulators and audits

LOL. Settle down, bud. You just tell them this (feel free to copy and paste this exact verbiage):

Mr. <Regulator/Auditor>, sir. I've posted this job on LinkedIn with a ridiculous list of requirements, shit pay, full onsite, and got 389 applications in 5 minutes. We can't hire anyone. There's a lack of talent.

EZ. GG. You're welcome. Hold on. I can hear the recruiters muttering something. What's that? That's not accurate and I'm mischaracterizing the recruiting professionals? Well, you fucks mischaracterize people by (I hope) looking at a PDF for 3 seconds, so fuck you very much. Just because you know how to send an In-Mail doesn't mean you know what a good cybersecurity professional looks like. Also, fuck your Workday ATS. And fuck you again, while we're at it. That guy on LinkedIn posting 10 $400k/year jobs a day is not hiring anyone, good buddies.

What do we do, then? We need to fucking eat, right?

Wanna do a co-op? I'm game. sc at If all fails, let's join a cybercrime gang. I'm sure we'll learn a lot more.