Is My Job Even Real? Bullshit Jobs in Infosec
by errbufferoverfl | - 2:45pm
Ever feel like you’re just ticking off compliance checklists while everything is on fire? Like your job in security is less about protecting systems and more about convincing auditors your team exists? You’re not the only one. Inspired by David Graeber’s theory of bullshit jobs, I surveyed InfoSec workers on their thoughts: is our work meaningful, or just another layer of security theatre? (You might have even filled it in! And yes, to the person who asked if I’m doing okay: I promise, mostly). But, this isn’t a solutions talk. It’s a provocation, for anyone working in or around security to reflect on what our work has is, and has become, and what it could be. It’s a talk about performativity and purpose. Maybe a bit of a rant. Maybe a bit of data-driven confirmation that you’re not imagining things. And a question: do we need to build something better?
About errbufferoverfl
Bec has almost 10 years of experience in the industry, having worked across penetration testing, governance and risk, and application security. While employment only accounts for 23.81% of their time, it somehow ends up being the thing people want to hear about. So, let’s get this out of the way: Bec currently works as a security engineer focused on browser-based app ecosystems and federated identity. And no, they don’t think their job is that bullshit. In the remaining time, they read books they pretend are research (but really just feed deeply niche interests – hello, conference talk!), write strongly-worded submissions to government consultations, and attempt to build a dramatically compliant OAuth server. They also think the most based Unicode character is \u1258.