> Particularly moving is how proficient (effective)
> security people perceive themselves at 43
> percent while the highest rating was merely
> 51 percent. Doesn't say much for us a
> workers does it?
I don't know about that. Personally, I rate myself low even though my peers consider me better than that.
I think for smart security professionals, our job, our experience, changes daily. It's hard to keep up and stay relevant.
I have a lab environment in my basement, I probably spend 5-10 hours a week there (in addition to office work) and I STILL feel like for every 1 item I learn there's 10 more things I need to improve on, or there's a new method/technique to learn, or there's more code to write, or an exploit changes. Sigh.
I think it also depends what motivates you, whether you want to be an independent consultant, or whether you want to be part of a team or group of people or even join an organisation, with the right motivations for development as part of your career path. I have been personally involved, in many security domains for nearly 40 years, and I am lucky enough to be in one of the top 3 Enterprise security organisations. The global team is growing rapidly, motivation and drive to develop, collaborate and provide professional giveback internally as well as provide innovation and practical guidance is very infectious. Even at my senior level, it fully motivates and fully engages me to do better, not only for clients and but for ones own self-development, and providing giveback via coaching and mentoring. Its a team effort, it really depends on what you are passionate about, and you feel you can seriously contribute and find value in terms of your own growth and not just for the $$$ signs. It is hard work, and as a previous contributor stated, if it really is worth it, then the journey is well worth it. If the journey, does not feel right, then normally you should go by your gut feel, and not ignore it - alter course, and keep going.