TL;DR: We need technology and infrastructure specialists. You don't need to specialise in cybersecurity to have an impactful career addressing AI risk, or even to improve cybersecurity.

I've been providing advice and mentoring to EAs on cybersecurity and IT careers for a few years now, mostly at conferences. I've regularly made the case (often to the relief of the mentee) that people on cybersecurity and other IT career pathways should consider staying the course rather than retraining as machine learning researchers.

This year, after increased community focus on information security in relation to AI risk, I am now often asked how to retrain into a cybersecurity specialisation. In response, I'm making the case that an oversupply of cybersecurity professionals is not optimal, and (possibly un-intuitively) is not ideal for cybersecurity either.

Organisations working on AI risk, as well as other high impact organisations, need a range of technology skills in order to be successful.

In today's information world, technology provides enormous productivity for organisations. It's hard to do anything today without a plethora of IT services for communications, managing money, and doing data analysis. Good IT management is a force multiplier - you can have impact through increasing the efficiency and impactfulness of others' work.

Software engineering roles can also have high impact, as 80,000 hours notes "When investigating the world’s most pressing problems, we’ve found that in many cases there are software-related bottlenecks."

IT infrastructure skills are particularly in need for organisations working on AI risk, where the building and maintaining of cloud systems related to AI (including evals) is vital.

To have good cybersecurity, we need skilled technology professionals. Security needs to be integrated throughout systems, and is everyone's job. In my experience, people who are not security specialists but experienced and effective in technology make an enormous difference to security because they know the fundamentals and can build robust, reliable and securable systems - better than I could. An organisation with an information technology team and one security specialist is likely to be more secure than if it had a security team and no other technology specialists.

It's also worth noting that it is common to transition between technology specialisations. Many people in cybersecurity roles didn't start there, and many move to other specialisations. The lines between roles are often blurry as well, and to be effective in your work you will want to have a mix of skills from different areas.

The EA community needs information security experts, with a heightened need because of efforts to contribute in areas with information hazards. But we need other technology specialists, both to support the mission of organisations and to build robust, secure IT systems.

If you are studying or building career capital in IT operations, IT infrastructure or software engineering, you should not feel like you need to change to cybersecurity. If you are considering what to do for your career, cybersecurity is a great choice! But it's not the only technology career that will help you have a high impact.

If you would like to talk directly about your career, feel free to reach out to me through direct message. I also recommend 80,000 hours career advice.