(Inspired by another toot)
If you're thinking of getting into infosec, you should know that the industry is like 99% military, cops, and bootlickers - and this largely holds true for the available work as well.
The problem with the infosec industry is actually pretty easy to summarize. In the infosec industry, there are roughly three things you can do:
1. Sell people reactive patchwork fixes for problems that have already happened. Good business, you'll have customers forever.
2. Put work into fixing security problems on a structural, worldwide level so that they just can't happen anymore. Years of work on the public commons, and no one company can profit from it. Therefore nobody will pay for this.
3. Do lucrative contracting work for the government. Sometimes reactive, sometimes structural. But whatever it is will always advance specifically *their* nation state interests.
Well, guess what the industry works on.
... paid work, that is.
There's plenty of genuinely important structural work that isn't getting done because it's not profitable, of course.