Showing posts with label infosec. Show all posts

Tuesday, May 13, 2008

The Alpha Hacker Dilemma

Watch enough cliche movies about growing up and it becomes quite obvious that, at least in Hollywood, a guy growing up has a choice to make: be an Alpha male or not. I'm not sure of the science behind it, though I know in many primates there is some truth to this, but I think it's safe to say there is something of a divide. According to Encarta (yeah, I was surprised it's still around too):

al·pha male (plural al·pha males) noun
Definition:
1. dominant male animal: a male in a pack of wolves, or a similar pack or troop of animals, that other members submit to and follow and that takes priority in mating with females
2. dominant man: a man who controls the activities of a group and to whom others defer (informal)

In typical society the alpha male is confident, athletic, probably good looking, the guy who gets the girl, who can do anything. Experience tells us this is largely a mask, underneath it they're likely very different, a scared little puppy, but that's the perception. There is often an inner drive and societal encouragement to be the alpha male; or at least the supposition that getting what you want in life, be it fame, money, or women will be easier as the alpha male.

In the culture of folks who do IT there is definitely the concept of the alpha geek. This is the guy who disdains Windows, these days likely uses OSX or Ubuntu, but there was a day he rolled his own Linux distro or perhaps used Gentoo and took pride in the fact that he compiled everything from source. He's the guy you go to for answers, who can do binary/hex/octal conversions in his head, and has coded in every language under the sun. If it's worth knowing he likely knows it.

This trend gets even more specific: The alpha hacker. While others are content to use Metasploit or wait for PoC to be released, he writes his own exploits and probably has a stack of 0days "just in case" but would never release them. He is the alpha geek with a malicious twist. He can debate the various debuggers/disassemblers, and knows exactly why he prefers IDA Pro to Softice. He walks around Defcon with an air of superiority, though without condescension, because while your neat new XSS or IDS evasion technique is cute it will be patched soon, and there's no patch for what he is capable of. You patch the exploit he used yesterday? Fine, he has more sitting around just waiting, and the day he runs out of them he'll just take a weekend or two and write a few more. He is the attacker you don't stop; you can try to frustrate him, attempt to piss him off, annoy him enough to get him to go for a weaker target, but he can't be stopped, not 100%. He's the kind of hacker the script kiddies wanna be like, at their keyboard every night, codin' in the glare of the monitor light.

It is at the impasse of this that I find myself. I am competent, I am in fact quite good as a hacker/security professional. I understand the attacks, I know their defenses, I can execute many of them. I've presented at a few security conferences, and hold an important position with a leader in the information security field, protecting hundreds of other companies. I am in a prime position in many ways. The biggest question at this point is the route to take: the alpha hacker's path or the security professional's path.

Following the first path is a trail of reverse engineering, vulnerability research, coding, reading assembly, and attempting to own everything in sight. This position will earn the respect of many others in the industry, the chance to do important work that directly influences the actual security of those using the Internet, perhaps even the security of countries. This is the path of the technician, the operator, the person creating the technology. This comes with a price, a ceiling. This isn't a ceiling of creativity, or acclaim, or glory; those things can be continuously earned every year. It is a monetary ceiling. Technicians are, by their very nature, a dime a dozen, and even at the top there may be many others striving to the same heights, and the alpha hacker is only as good as his last program, his last hack, his last vulnerability. A big payday, from this position, is rare.

Along the other path is little more technical knowledge, instead focusing on how to apply technology, integrating solutions, and selling products. It is the path to sales, management, and consulting. It's not about deeply knowing the technology, it's about superficially knowing much and being able to sell it. It is the path that is about knowing people and businesses. It rarely holds the glory of the alpha hacker, rarely the respect from those on the front lines. It does provide the chance to win the respect of the decision makers and C-Level execs, and as a result has the possibility of a big payday, either as a part of a sales team or working with a smaller company as an entrepreneur. 

Personally I'm torn. I have a passion for technology, and I love knowing the things no one else knows. The idea of learning to be the unstoppable wraith that is the worst nightmare of someone defending a system, and who is able to understand what applications are doing at the deepest levels, and understanding how to take advantage of it. On the other hand I am a people person, I converse well with others, both technical and non-technical, and can explain complex concepts in simple ways, and I'm sure with a little bit of work would have no problem explaining and selling solutions. I'm on the cusp, able to go either direction, sales engineer or reverse engineer, and I simply don't know.

In many ways this is even more fundamental, it's the question of what's more important, doing what you love or doing what pays the bills? Is it worth enjoying your time at work a little less to enjoy your time away from work a little bit more? I don't know, but I'm starting to wonder if there's a third option...

Monday, March 24, 2008

InfoSec vs. Coding

The job hunt is a long and onerous thing, full of hope, trepidation, and frustration. It's somewhat bizarre how it can all work out. Jobs that I've wanted haven't returned my emails; jobs that I never wanted, which have insisted on interviewing me (and in fact flying me out to the West Coast to meet with them), have turned out to be poor matches, just as I originally thought they were. Most notably, recently, the job I was somewhat interested in, which turned out to be something completely different, gave me an offer I never expected.

Sadly though I find myself, at least at this moment, somewhat disenchanted with infosec as a career. I know it's temporary, it always is, but that's where I find myself now. Security is an uphill battle, our successes are par for the course and hardly ever recognized, our failures are monumental catastrophes with dire consequences. It often feels in many ways you can never do anything right, only avoid mistakes. I don't think this feeling is unreasonable, simply the state of things. The only way to "win" the security game is to be someone breaking, not protecting.

I find, as a result, I rarely know what I want to do in security, a question I'm asked often, as you'd expect. Developing exploits sounds fun, but I haven't done it before, and the barrier to entry feels high, though I'm trying, at least on and off, to learn it. I have a certification in Incident Response, but I've never done any of it, though I feel like I should, so that's a draw, but again, it's essentially a janitor's position, cleaning up others' messes. General consulting is a mixed bag at best, fun and interesting one day, but dull and monotonous the next, though the money is often desirable. I know one thing I don't want to do is continue in the security monitoring area, it's too limited, like seeing someone about to get mugged, but being unable to do anything except yell at them to run, knowing they probably won't hear you.

I'm not saying it's driven me to it yet, but I totally understand why my friend al3x has moved from doing security work to building great software like Twitter. I can see the appeal of creating something, nurturing it, having it become something good, and winning, in some small way, a victory in seeing an idea become a reality. I haven't decided to make any moves out of information security, not close, but I admit many hours I used to spend trying to learn assembly (for reversing) or C (for writing exploit code) are now spent trying to work on skills to build my Python or Cocoa coding. I know all of these things are self-supporting, knowing assembly will make me a better Cocoa coder, and Python skills will be useful in infosec, but still, it's something of a shift in priority.

In short: I don't know. I'm frustrated and confused, but I know I'll work through it.