How good is Cyber security job in a Startup?
As a security engineer we always look for opportunities in different domains and the only thing we expect is just the freedom to explore. The real question is "Which is the coolest place to work as a security engineer?", the answer is STARTUP. Well a startup is a newly established organization that aims to solve several problems which are not solved yet or tries to solve problems in an efficient way. OK, is there any place for security in a startup? of course there is. Any organization either big or small have to maintain security in their products and without security any solution is of no value. Coming to the reality, most of the employees in startups do multi tasking.They do full stack, security, automation etc. But being a security professional we can spare our 70% into securing systems and 30% into other works. Let us take the following key things to be considered for choosing startup:
Risk: This is the main advantage for security professionals in startup, we don't have any risk on us because they don't have much assets. This is the starting point where we can integrate security from the roots. Whereas in corporate there is huge stress because of the value of the assets.
Exposure: We can develop our own strategy to secure our organization. We may have very limited access to the resources if we were in corporate and we are limited to securing specific entities.
Promotion/Identity: May be because we are one among very few employees of a startup, our work can be identified easily and we can create our own thumb-mark on securing systems. This can lead us to promoting our role and good identity.
Budget: Startups start with less budget, we have to make everything on our own or use opensource and develop it as enterprise level. This will also help us to dig deep of any software because of the amount of alternatives we search for a specific problem. In corporate we tend to use existing commercial solutions and we may not know the crux for the same.
Blame game: In corporate, breach may happen at sometime ago but comes into picture while we are in the charge. We are now responsible for the compromise because of a poorly trained user opening a phishing mail long ago.
Apart from these, if we work in startups which deal with emerging technologies, then we can build our own emerging security solutions and sell them as a product.