“I’m a security professional who has worked in and out of Government roles. I can tell you the pros and cons. Ask me anything.”
That was the prompt—and our four AMA (“Ask Me Anything”) guests delivered for our monthly AMA on reddit’s r/cybersecurity. Here were our participants:
- Matt Conner (u/SomeCyberGuy), CISO, Second Front Systems
- Brett Conlon (u/BeachByteExec), CISO, American Century Investments
- Jeff Steadman (u/Alarming-Set8426), deputy CISO, Corning Incorporated
- Adam Arellano (u/AdamTalksTheCybers), field CTO, Traceable AI
The community came ready with questions on job security, industry transitions, career management, and navigating between government and private sector roles. Below are some of the most thoughtful and actionable exchanges from the conversation. Find the full Reddit AMA here.
The myth of job security—and the truth about options
When one user asked about the “guaranteed employability” of having a clearance and a government job, both Brett and Matt shared perspectives that pulled back the curtain on this perceived stability.
“When I first started looking to private, this was a BIG issue in my mind,” said Brett Conlon. “There are civilian jobs with unions, pensions, etc. but there is nothing out there that’s guaranteed… Look at all the downsizing the government is doing today, look at the contracting companies that are downsizing to make way for AI… Nothing is guaranteed, but I can tell you there are A LOT of cyber jobs out there.”
Matt Conner reframed job security as a personal risk equation:
“Job security is an exercise in risk management… If you’re concerned about volatility, be cautious about startups. If you’re situated where you can take more risks, startups can be rewarding and exciting. I don’t think having a clearance is a guarantee of employability, but it’s definitely marketable.”
He added that in today’s market, many employers are “choosy,” not desperate—so the framing around job choice may need to shift accordingly.
Charting a career without a map
One of the most popular exchanges came from a career crossroads: Should you work for an MSSP to gain variety and exposure, or focus on climbing higher in one large organization?
Adam responded with a perspective that was both unconventional and freeing:
“I prefer the Forrest Gump method of career management… I advise you to stop trying to look for the perfect path and just find the next interesting thing that you can picture yourself doing for a couple years. At any given time be willing to make a change and just see where it takes you… Try something out, if it is terrible, do it for two years so your résumé isn’t lopsided and learn from it. Rinse repeat.”
Brett added a word of caution about the often-romanticized vCISO route:
“This might not be the popular opinion, but vCISO is typically someone who couldn’t make or stay at the CISO ranks. You’re seeing less and less of this happen.”
What’s the real value of a clearance in the private sector?
In one of the more active threads, participants debated whether a security clearance still holds value when working outside of government. Adam kicked things off:
“For me, I couldn’t wait to let my clearance lapse, it was an anchor that tied me to federal work that I didn’t want.”
Matt countered with a more pragmatic take:
“To maximize options, I’d keep my clearance as long as possible… There is still a lot of value in having a high-level clearance.”
Jeff added a broader perspective:
“Unfortunately, there is no value to holding a clearance in a position that does not require it. The greater currency remains the experience you gained during the public sector position.”
The consensus? Clearances don’t guarantee employability—but the hard-won experience often does.
Making the leap from public to private
For early-career professionals transitioning from government roles to the private sector, understanding how to frame your experience is key.
Adam Arellano emphasized the value of immersing oneself in the contractor ecosystem to understand how government skills translate to private needs.
“Going from civilians to contractor to private industry worker is a process of acclimation from one world to another.”
Brett Conlon agreed that public sector roles often build strong foundational skills—especially for those coming from the three-letter agencies.
“The biggest challenge for public to private is environment acclimation and understanding that risks will be acceptable to the company. It’s not a zero tolerance.”
Jeff Steadman encouraged clear storytelling in interviews:
“Don’t just say you did work in a classified job series—explain what the goals were, how success was measured, and what you learned from it.”
The collective advice? Public sector experience is highly valued—if you know how to frame it. Understanding risk tolerance and practicing outcome-based storytelling can make the transition much smoother.
Final takeaways
This AMA reminded us that the cybersecurity career path is anything but linear. The contrasts between public and private sectors go far beyond salary or mission—they touch on identity, stability, growth, and alignment.
If you’re considering a switch, it’s worth asking:
- What risk am I trying to manage or take?
- What mission will motivate me through the hard days?
- Who do I want to become in this next chapter?
There’s no one answer, but thanks to these four experts, there’s a lot more clarity—and a lot to think about.
Be sure to join us for next week’s Reddit AMA, starting Sunday, August 24. The topic will be “I’m a CISO who made the business care about cybersecurity. Ask me anything.”