Thanks Yonatan! I was the editor of this review.
The section "How to enter infosecurity" has one section which discusses how to enter the field with a university degree. But it also notes: "However, you shouldn’t think of this as a prerequisite — there are many successful security practitioners without a formal degree." The following section discusses how to enter the field without formal training.
Whether any given individual should pursue a degree depends on a bunch of individual factors.
Your suggestion that EA orgs should have a "head of security" of some sort sounds plausible in many cases. But a lot will depend on the size of the organisation, its specific security needs, what other duties this person would be responsible for, etc., so it's hard to be generally prescriptive. As the review lays out, there's likely to be an ongoing security needs for many impactful orgs for the foreseeable future, and expertise in this domain will be needed at a variety of levels.
Thanks for sharing! This is really interesting — we’ve read it and will think about it.
Your updated estimate accords with what we wrote in our career review on founding a tech start-up (“people who have received venture capital funding or entered Y Combinator have on average earned millions of dollars per year”). It’s not as a up to date as we would ideally like, but it’s not among our top priorities right now.
- Cody from 80k
Hi — thanks for for the question! That’s definitely what we care about most, but it’s also unsurprisingly very hard to track, as you say. We have different ways we try to assess our impact along these lines, but the best metrics we can share publicly are in an appendix to our two-year review that summarises the results of our user survey. You can also see Brenton's answer in a separate comment for much more detail about our efforts to track these metrics.