More than focusing on any single technology, I am willing to drive my stake to the ground here.
If you have the background, or sufficient interest in security, add two things to the mix: psychology and usability. The UX of security related software/solutions are nothing if not atrocious. Fixing that would be a good start, but I won't hold my breath. It's also going to be increasingly important to understand why people - both individually and in aggregate - do/choose/prefer certain things over others.
This goes way beyond blind A/B testing, btw: you can't just throw random experiments on the wall and see what happens to produce the best incremental ROI. You'll have to actually think about paths, not just the next fork in the road.
What I've learned is they don't need problems solved, managing problems is their job, they want data they can use as leverage to drive agendas in higher level conversations that get them money/resources.
Security people make their livings managing a black box of uncertainty and producing spectacles on behalf of whoever needs them as an ally for an agenda, and when you solve a problem that reduces that uncertainty, you reduce their leverage and value to their stakeholders.
The only valuable security products will be ones that serve that need. The rest are science projects, imo.
I can replace security consultants with a SaaS product on a large number of engagements, but that breaks the economics of the compliance game. Regarding psychology, it may be a darker journey than you expect. :)
> Regarding psychology, it may be a darker journey than you expect.
You may have a point there. Quoting our previous compliance officer: I am not cynical enough. (My posting history probably already puts me in a pretty grim bracket in HN, so there's a thought.)
If you have the background, or sufficient interest in security, add two things to the mix: psychology and usability. The UX of security related software/solutions are nothing if not atrocious. Fixing that would be a good start, but I won't hold my breath. It's also going to be increasingly important to understand why people - both individually and in aggregate - do/choose/prefer certain things over others.
This goes way beyond blind A/B testing, btw: you can't just throw random experiments on the wall and see what happens to produce the best incremental ROI. You'll have to actually think about paths, not just the next fork in the road.