Sure, hedge your bets. Get financially secure. But also consider that "nothing ever happens" is usually correct and the world has a way of ensuring things keep going in the direction they have to in order to give stability to the establishment (which we are generally a part of).
So, what can derail AI out of left field? Maybe building DCs for it in Arizona and EMEA can, for one.... choosing very "water-rich" locations there for water-cooled systems.
So, how could this land long term, assuming AI works sort of good, sort of bad against the use cases? The real questions here for industry people though should be this:
1) How does this play out, over the 5-10 yrs we have to see it occur of trying it/redoing it/trying a new version/going back to the old version, all the while it's occurring over my career, all the while when I have bills to pay and relationships to maintain.
Ans: I think that's a hell of a lot of financial and employment stress induced on us by people who don't understand the tech they're rolling out, the state change that's occurring, and don't need to deal with the consequences. All the while, I go mid career, to late career, dealing with what AI can actually do in the background.
2) What is actually going to work wrt being relevant to my job?
Ans: I think what actually works is the vuln research aspect of AI, feedback loops rapidly, rapidly speeding up on that.
And, what is the most stressful, obnoxious, high burnout part of the job - sec arch and vuln remediation, or IR and vuln response. Both about to go on overdrive, and already are if you're minding bug bounties and IR these days.
3) Has this happened to other industries, how did it go?
Ans: trading, trading, trading, trading. Check it out.
We are, for example, about to grow the reach of tech even further thanks to AI. A large percentage of future warfare, for instance, will now be taken over by tech. If humanoid robots get gud, there's a whole 'nother world of applications that will probably need people to specify, test, improve, etc.
Sure, on the one hand I think the value of writing code will probably go to zero in ten years (although some applications explicitly forbid AI coding like some critical infra or space stuff), but writing code is a small part of many SWEs' jobs. AI currently still needs to be told what to build and how to make a cohesive, sensible product. Maybe that changes, maybe it doesn't. But the path to eliminating human work is not short or clear-cut.
I'm not sure if personal assistant or nurse are going to be AI-free. Plumber, welder, bricklayer, pest exterminator, sure. Don't underestimate the downsides of physical labor, though. Low pay and backbreaking.
What writing on the wall? If anything, I think you'll be more needed, not less, in times to come.
Ya I get the need but you miss the point - no, you can't pay me anymore to wade into that and own risk, beyond a consulting context with low skin in the game.
There is a wave of senior leads thinking like this, because the knife's edge of "enough risk to game it for pay" finally tilted too far, and the career has changed.
In terms of going home after work and not yelling at my kids and spouse due to work stress due to the 10th 0day in a week on my corporate VPN/my retail-facing app/my..., there's a real QoL issue to consider. Many outside of security consistently misunderstand the mental health/career satisfaction/pay triad.
"Consulting, if you're not a part of the solution there's money to be made prolonging the problem" - Despair.com :)
/i'm a consultant
(Edit: Word of warning though, my father was a bricklayer and he also screamed at his kids whenever he came home overworked. I'm not saying I know the answer here but every job has its "they don't pay me enough for this shit")
In a situation of triage, "owning risk" is off the table.
I see you haven't hired a tradesman in the USA lately...
Sure, my body would hate me for it, but as a plumber I could make about half what I make as a SWE and given the progressive tax structure and business write-offs I'd probably net a comparable salary.
The major benefit is that you can invest much more of your income into a SEP-IRA, which is a before-tax deduction. 25% of income or $75K, whichever is lower. That adds up.
But health insurance is a massive cost. Last time I ran the numbers, which admittedly was a while ago, my income as a self-employed consultant had to be much higher than my income as an employee in order to reach the same take-home amount.
I’m not a CPA and wasn’t interested in squeezing every dollar out of the system. I had a simple sole proprietor LLC. So there may be other tricks to pull. But the tax writeoffs are overrated, in my experience, other than the IRA. It’s not free money; for the most part, it’s a discount on purchases you wouldn’t otherwise be making, and a lot more hassle to boot.
Yeah, I typically charged double my salary rate. You have to pay for your own sick time and vacation time. I think that's generally baked into the rate.
(Afterthought: Don't forget the time and cost of retraining. I don't doubt your statement that you'll make just as much but I doubt it'll be right off the bat)
I just did some quick research:
- ~4.8 million unfilled cybersecurity roles globally as of 2025–2026
- Global workforce ~5.5 million, but ~10.2 million needed to meet demand
Not to mention the growth in the industry has slowed to ~0.1% year over year and you're seeing those shortages are outpacing the current workforce. Add in that the most senior folks like yourself are just noping out and leaving the industry wholesale, and it is troubling and unsettling.
It's not surprising we're seeing an unprecedented level of successful attacks. We simply don't have the resources to keep up with the criminals/hackers out there who are moving significantly faster than the companies they are targeting.
As others have pointed out, I'm not sure how this can get anything other than much worse in the near future.
I hope this all lands somewhere in the middle but honestly who knows at this point.
And if you're planning it, plan it soon b/c vendors like Dropzone are carving out the entry sec eng ops/ir jobs in-house or at the MSPs, and Trail of Bits skills foss on GH are carving out the 2-3x extra $3-400k TC line sec eng roles.