If you could pick and actually get any Cyber Security job in the world what would it be and for what company / agency? Why?
The most ideal situation would be one that let me learn as much as I wanted. The problem with the federal government is that some of the agencies you think are glamorous are not really that glamorous behind the scenes. I remember going to one agency and when I started I went to my desk and found a Windows 2000 desktop. As an IT Specialist I thought the agency would be cutting edge, nope. I asked my co-workers "C'mon man. HA HA! Where's my real workstation?" "That's it," they replied. "Seriously?" "Yup." This was after Win XP had been out several years...
I guess I would have to say one where I was threat hunting and finding clues about the intruders. I like to find evidence of the trespass. That would be my ideal thing, if I could get paid as well as being a CISO.
This is a great topic. Some of the best gigs I've had were for organizations with dated technology. The fun comes when you need to apply all your fundamental skills to ensure you are covering all the basics with the tools you've been given. You're like a mechanic who gets a chance to hone some skills on a '32 Ford.
When you are in cybersecurity, you're always just an adviser, even if you're on the corporate side of things. Remember that. Organizational leaders may or may not take your recommendations seriously. You have to be sharp enough to know how to frame your recommendations, provide actionable metrics, and live with the results.
I have written innumerable recommendations where I have been either studiously ignored, or told no to my face. That's fine. You write up your recommendation for remediation, provide business leaders with the options to accept the risk as-is, mitigate the risk (and show how much that will cost), or seek to transfer the risk. Once they make their decision, you ask them to sign off. You've done your job. They must do theirs.
I would select CIA. With how clandestine work at the CIA is, I would likely be able to work full time and have a small business on the side to mask my real job. This would be allowed, and probably highly encouraged.
Department of Defense, hands down. Travel to exotic places, stay physically fit, carry a gun, job security, and as an added bonus, you don't even have to think about what you're going to wear every day! All jokes aside, you have the opportunity to apply your Cyber Security skills through all seven of the OSI layers. Every job, and many times every mission, will require you to apply your skills and knowledge in a different way. You will never become the "certification guy" that has a bunch of letters after his signature block with no real experience in any of the fields nor will you be just a one-trick pony that does the same task every day.
My dream "Cyber" job is to work with NCWIT, recruiting and mentoring young women to be successful in the field.
I've been working in STEM/Cyber for 20+ years, and I think I have an idea of where the "landmines" and "roadblocks" are at.
You might want to spell out the acronyms so people do not have to google them. We would love to hear what you think the landmines and roadblocks are.