I would like some advice on where to go after university
I am currently a Computer Science student in university who really loves Linux and FOSS software, hates it when governments and corporations spy on people, and would probably rather have a job that brings meaning and benefits society than one that has a high paycheck (although I do recognize that I also need to have enough money for food, housing, .etc). I also watch Scammer Payback and Jim Browning and I love what they're doing, but I don't know if I could turn that into a real job.
I've thought of doing pen testing (later on in my career), but I've come to realize that it is better if users just started using privacy-respecting FOSS software like Signal, because if you give a hacker enough time, patience, and the right resources, they could hack into anything. Although for something like banks, I'd maybe be ok working there, as everybody still needs them and they're not going away any time soon.
I also need something that I could get into fresh out of university or even as an internship or co-op.
Am I being too pessimistic? What would you suggest me to do? Feel free to challenge my views on life.
Ideals largely vaporize when you have bills to pay and you are facing homelessness.
Your best bet is start talking to local job recruiters, ask them what tech stacks and certs are in high demand, and go learn that stack and get those certs and take whatever job will pay you.
Once your bills are getting paid you probably will have time/energy to work on personal projects.
The vast majority of work is closed source proprietary stuff.
In fact to be more specific, the vast majority is mind numbing "thing" management CRUD applications.
Inventory management, people management, accounting, etc etc.
"We wanna make an app for managing (things)" is gonna be your life for awhile.
It's also heavily a lot of "we had this (thing) management app made by someone 12 years ago. It's now barely functional, riddled with bugs, has huge security holes, and has tens of thousands of users every day on it. We want you to add new features to it and not fix any of the existing massive issues at all. We have no idea how it works, it has zero documentation, we don't even know where it is hosted atm, and you will count yourself lucky of you even get the git history"
You heavily want to focus your skills first and foremost on how to read other people's code. How to interpret wtf this zero documented function does and how it works.
Real talk, you don't have the luxury of being an idealist right out of university. Your goal is to get a job. When you're in that job you will likely not have the luxury of being an idealist either.
When you have enough experience making practical, reasoned decisions, then you can stand on principals.
For context, I have been in this business for nearly 20 years. The people I have personally worked with who have resisted things on philosophical grounds ALWAYS get left behind. I've seen it with systemd, the cloud, and now I'm seeing it again with kubernetes. You cannot escape the collective inertia of an entire industry.
Obviously there are still thresholds.. I would never work for someone like Raytheon. You have to draw lines somewhere but saying you aren't going to work for a company that does user behavior tracking is short sighted and impractical.
Most resistance I have seen mostly comes down to a misunderstanding in the benefits that kubernetes offers. The assumption is that kube is used for autoscaling and that, if the inbound traffic is predictable then the added complexity is unnecessary. When that happens the "kube isn't right for all situations" turns into "kube isn't right for any situation" whether the person in question would ever admit that or not..
All of this ignores the MASSIVE reliability enhancement kube delivers and the huge amount of effort currently going into modern tool development surrounding the kube ecosystem.
I spent 20 years working for my local newspaper. It was a ton of fun and I constantly got to do new things. I did everything from making a palm pilot game to accompany our coverage of the Sydney Olympics, to an Apache module for a custom cms to iPhone and Android apps.
Now I can't say that working for a news company is a good idea in 2023, but the point is there's probably a company local to you that needs a wide variety of programming and isn't a "tech giant".
Hey high five, also a local newspaper guy! I bumbled into it maybe 7 years ago. It doesn't pay well (it's pretty rural) but it totally aligns with my principles. It's rough in the newspaper industry these days but it's also an interesting challenge. Your competition is basically Facebook and Google.
I totally agree though. Certain small businesses are happy to have a skilled programmer. My boss gives me a lot of leeway to follow my principals when it comes to user privacy and stuff.
Unfortunately for those who have those values,
not all paid positions involve acting on those values.
Random brain dump incoming...
Most businesses pay money to solve problems so they can make more money.
You can solve their problems - but not in the way that you may be thinking.
This is a generalisation that is not strictly true, but I say it to illustrate a different way of thinking:
Businesses do not undertake penetration testing because they want more secure software.
They do pentesting so they can stay in business in the face of compliance and bad actors.
To find a job,
you want to start learning what people pay for.
People pay contractors to come in and fix things, then leave again (politically easier, sometimes cheaper).
People pay sotfware developers to develop features (to sell more stuff).
Start looking up job titles and see which ones interest you (DevOps, frontend dev, backend dev, embedded...).
Don't get too stuck on the titles themselves.
It's just to narrow down what kinds of business problems you find interesting.
Other random questions:
What specific projects are you interested in?
What types of problems do you like solving?
Do you like digging in and finding those tricky bugs that have been bothering people for years?
Do you like trying out new frameworks which let you think about the system differently?
Would you rather implement a database or GUI toolbox?
Once you're deep in the belly of the beast, you'll find ways to exercise those values.
It's hard to know in advance what this will look like.
I would say I'm a very ideals-driven person as well. I had hoped to get a job with a company whose values aligned with my own upon graduating.
My experience was that it was really difficult getting my first job when I was being fussy with who I was sending my applications to. This is despite having both an undergraduate and postgraduate degree with the highest possible grades and also industry experience.
Eventually I gave in and started sending applications to all sorts of companies and took the first job I got offered. I'm still early in my career and I'm still working with this company.
Honestly I think for a first job it's just worth taking whatever comes your way if it will offer you valuable experience. Then you can always apply for other jobs whilst you're earning money and experience. That's my plan anyway.
Yes, work on getting your first job, don't worry so much about getting your dream job on the first try.
Let's say most jobs get 1000 applicants. Having a relevant education will put you in the top 200. Having relevant job experience will put you in the top 50. And not having a bunch of strange red flags that suggest you're not going to be a useful hire might mean you're one of 5.
It's important to pay your dues, and early on that often means working a job you don't want as much.
A lot of people with university degrees end up not doing anything related to their field because nobody told anyone this stuff and they end up applying for jobs they can't get first.
I’ve thought of doing pen testing (later on in my career), but I’ve come to realize that it is better if users just started using privacy-respecting FOSS software like Signal, because if you give a hacker enough time, patience, and the right resources, they could hack into anything.
Your idea of pentesting is so far from what it looks like in reality that it's probably not a path for you, at least not now. Let me explain: how am I going to protect my banking app using Signal? How will I know if our JSON unmarshalling library used by transaction service isn't vulnerable or exploitable? What FOSS software shows me live dashboards of deployed software in container and their security risk?
everybody still needs them and they’re not going away any time soon.
Bank is a civilization old concept, it has always been here and will be. Banks are so durable, they will run after our civilization ends.
You won't be stuck. You can always reevaluate and change employer later too.
You can't know many things, like work environment, leadership style, beforehand. After assessment before and during interviews, you'll have to get and and see.
Given that you seem to weigh meaning and impact quite high, I suggest
check for jobs for Non-profits and rights/citizen protection government orgs
check companies and industries you're interested in
consider smaller companies where you have an impact, and where you have or serve a product
You can get an idea of roles and availability from job offers/seekings.
Consider practicality; setting for a reasonable job first, and then taking the time outside of it to seek opportunities, alternatives, or contribute.
My cousin got a job working on FOSS for 5 years out of college. His secret? Work 40+ hours a week literally for free, crash on people's couches, and get his girlfriend to feed him. He eventually got a real job because that's obviously totally unsustainable.
Unless you have a sugar daddy/momma or a trust fund, you need an actual job. Some companies make good use of FOSS and give back to the community. But I'd suggest settling for any job to get an income and experience while you figure out what companies you actually want to work for.
I would recommend finding a company with a solid internship program and use the internship program to get your foot in the door and get hired. Companies like Cloudflare, VMWare or other with a security interest have strong internship programs.
Point is, using internships is arguably easier to get in. Many college students, myself included, used internships just to get any experience. But what you really want to strive for is interning where you want to work and kicking butt.