I know exactly what I want in a long term role so I can save us some time.
For me to be willing to change jobs at this point I would expect:
- A high level of autonomy where I am allowed to work weird hours.
- Have my obsession for auditable everything be humored/tolerated
- I prefer to work with open operating systems like Linux
- I am never asked to rely on any software I can't audit on any of my personal or company devices.
- No need to go find clients myself or worry about the business side of the house
- Travel/lodging covered for the 2-3 security conferences I try to attend every year.
- 3-4 weeks a year of vacation on top of that
- The ability to regularly publish my own open security research and tools
- The bulk of my job being solving hard security problems for a wide range of companies in areas like:
- Supply Chain Integrity
- Decentralized Trust
- Automated/Immutable infrastructure
- CI/CD
- To work with highly capable peers that can call me out when I am wrong.
- To have plenty of chances to mentor and educate others
- To have plenty of chances to learn new skills from others with specialities I don't have.
- To be able to strictly follow Kerckhoffs's principle and never be asked to defend security theatre
- The freedom to live wherever I please while making a SF Bay Area Salary
My current employer mostly checks these boxes, so I mostly don't have any motivation to change roles at the moment.
I certainly am not interested in hearing out anything less. If it takes years to find an ideal fit then it takes years.
Hopefully that helps! Thanks for your interest either way. :)