I’ve worked in three big areas in my career: building software, securing software and leadership.
Each area has a different sized feedback loop.
Building software has a very tight and immediate feedback loop. Get an idea, try to build the idea, fix/tweak/improve then finally ship. At the micro level its write feature, fix bug, get it worked, commit the diff and go home for the day. This all feels fantastic!
Security is essentially about understanding how software and systems work together better than the creators so you can find, and fix, security weaknesses in the aggregate system. The work here is simple enough: understand everything. And then be paranoid. The feedback loop for here takes longer, months of groundwork to understand all the moving parts¹, a deep code audit of a given subset from which you draw both bugs and lessons to apply to the rest of the codebase.
Leadership/management has the longest feedback cycle of all. This is because we as human beings are way more complex than computers. Turning an employee from a low performer into an exemplary one takes time. Months and years. It takes trust and the understanding of motivations, goals, circumstances, skills, etc, etc, etc. But when it happens I’ve found it the most rewarding of all 3.
- It takes a lot of groundwork to understand how all the technical parts of a company fit together. I found I didn’t feel 100% until 6 or 9 months in to any security job.