Tag: jobs

Starting a career in Confidential Computing

Whether your interests lie in research, design, engineering or operations, there will be opportunities to find rewarding careers in Confidential Computing.

An IDC report published at the end of Q4 2025, revealed that nearly 75% of respondents saw “Lack of skilled personnel” as a hurdle to adopting Confidential Computing.  I was recently speaking at a conference on the subject of security – including, of course, Confidential Computing – and was answering questions in the hallway afterwards when someone asked me, “how would you suggest I start a career in Confidential Computing?”  The person asking was an engineer and had a good understanding of the basics, having spent some time a year or so ago trying out the technology, but now wanted advice on how to forge a career in the area.  As the Executive Director of the Confidential Computing Consortium, this felt like a topic on which I should have an opinion: I thought it might be interesting and useful to provide my thoughts here in an attempt to help fill the perceived gap in the expertise market.

There are, I think, four broad areas – though I initially replied with three – for someone looking to pursue a technical career in Confidential Computing.  There’s definitely overlap, and also opportunities for non-technical paths, but I’m going to concentrate on engineering-related, or at least heavily technical roles:

  1. Research
  2. Infrastructure
  3. CC-dedicated
  4. Generalist

Research

In Q2 of 2026, the CCC published a call for research proposals to receive funding from a grant fund. We expected a handful and received over 35 applications and several after the cut-off date. This signals that research in Confidential Computing topics is alive and well within academia. Some of these will be around low-level hardware and firmware, others much higher up the stack in, for instance, attestation and endorsement protocols. There are also opportunities for research outside academia in some of the key companies in this space who are building the infrastructure for Confidential Computing, but also for independent researchers interested in working on specific projects or vulnerabilities. As Confidential Computing matures and more use cases emerge, we can expect research opportunities to continue to grow.

Infrastructure

The industry needs to build out the infrastructure to allow Confidential Computing to become fully commoditised – and then to create offerings that provide ways for providers to differentiate themselves.  This area is particularly broad, as it encompasses everything from silicon design to cloud computing services such as key management services and all the way to Attestation Verification Services (AVS).  It also includes, as the Research area does not, roles within operations which can expect to look different to existing operations roles as monitoring, debugging and management techniques adapt to Confidential Computing.  Many of these jobs will be in silicon vendors, OEMS, hyperscalers and cloud service providers, but there are also likely to be existing enterprises and new start-ups who will be finding a niche in the Confidential Computing services market and need talented and expert engineering resources to succeed.

CC-dedicated

This area maybe overlaps a little with the enterprises and start-ups looking for a niche in the Confidential Computing ecosystem, but, more specifically refers to applications and services that make use of Confidential Computing in new ways, or adapt existing products to make the most of Confidential Computing, enabling new offerings to be provided to the market.  There are already many start-ups who have identified market opportunities opened up by Confidential Computing in pretty much any sector you can imagine, leveraging the capabilities of TEEs and the enabling power of attestation to do new things or existing things more securely.  Such organisations will need engineers ready to work closely with product and service teams to build applications and frameworks that require deep understanding of Confidential Computing and how it works in a specific engineering context.

Generalist

Where engineers within a CC-dedicated organisation need to work in a specific engineering context, the generalist area is one suited to those who want to help spread Confidential Computing more widely.  This sort of role will see people working either as an internal or independent consultant or as a part of a security team looking to help organisations extend their use of Confidential Computing to existing or new applications and services.  They may specialise in Confidential Computing technologies and how to apply them, or have them as part of their larger engineering, design or architectural armoury in the same way that experts in the use and application of cryptography might advise an engineering team on how to build security primitives into their component or how on how to apply cryptographic protocols to a larger system.  In either case, technologists following this path are likely to encounter a variety of different applications of Confidential Computing and will need to be able to apply the appropriate primitives, tools and techniques to the job in hand.

Conclusion

As Confidential Computing becomes more established as a “must-have” technology and the ecosystem continues to expand, we will continue to build a talent base of expert engineers. Whether your interests lie in research, design, engineering or operations, there will be opportunities to find rewarding careers in Confidential Computing.

Closing Profian

In June 2021, a little under two years ago, I left Red Hat and joined Profian as the CEO – Chief Executive Officer. In mid-January 2023, we – the board – decided to close down the company. All 14 members of the company are looking for new jobs.

I’ve not been blogging much recently, and it’s been because I’ve been busy trying to sort out what we do with the company. We looked at many different options around getting more funding or even being acquired by another company, but none came to fruition, so we decided to close down the company as gracefully as we could. It’s not been an easy few weeks (or months, in fact), but I’ve pretty much come to peace with the decision.

I’ll be writing more posts about what happened, how we got there, and the rest, but here’s a quick version of what happened, as I posted in an internal chat room:

While pretty much everybody believes that Confidential Computing is on its way, there’s also general agreement in the market that it’s not ready for major market adoption for 12 or more months. This is partly due to the fact that the tech is still regarded as immature (and prone to vulnerabilities) and also largely because the recessionary pressures on all sectors mean that organisations are protecting their core existing services, rather than betting money on new tech. VCs are into “ARR”: Annual Recurring Revenue. They want to see fast growth, and paid pilots with (even with big players) which don’t lead to fast scaling of the business aren’t considered sufficient. The amount of money available wouldn’t have been sufficient to allow us to grow and defend a market share in order to get to the next funding round. We also looked at acquisition, but nobody was ready to bet on new tech to the extent of buying the company: again, because they’re defending their existing services and staff (and, in many cases, laying people off already).

Me, on internal Profian chat room

I’m currently focussing on four things:

  1. helping the extremely talented Profian team find new jobs;
  2. winding the company down;
  3. taking some time to recover from the past few months – emotionally, mentally and physically;
  4. starting to look for a new job for myself.

If you can help with #1 or #4, please get in touch. Otherwise, keep an eye out on this blog, and expect more posts. See you soon.

Recruiting is hard

It’s going to be easier to outsource this work to somebody who is more of an expert than I’ll ever be, would ever want to be, or could ever be.

We (Profian) are currently looking to recruit some software engineers. Now, I’ve been involved in hiring people before – on the interviewing side, at least – but actually doing the recruiting is a completely new experience for me. And it’s difficult. As the CEO of a start-up, however, it turns out that it’s pretty much down to me to manage the process, from identifying the right sort of person, to writing a job advert (see above), to finding places to place it, to short-listing candidates, interviewing them and then introducing them to the rest of the team. Not to mention agreeing a start date, “compensation package” (how much they get paid) and all that. Then there’s the process of on-boarding them (getting contracts sorted, getting them email addresses, etc.), and least some of which I’m pleased to say I have some help with.

The actual recruiting stuff is difficult, though. Recruitment consultants get a bad rap, and there are some dodgy ones, but I’m sure most of them are doing the best they can and are honest people. You might even be happy to introduce some of them to your family. Just a few. But, like so many other things about being start-up founder, it turns out that there comes a time when you have to say to yourself: “well, I could probably learn to do this – maybe not well, but with some degree of competence – but it’s just not worth my time. It’s going to be easier, and actually cheaper in the long run, to outsource this work to somebody who is, frankly, more of an expert than I’ll ever be, would ever want to be, or could ever be. And so I’ve found someone to work with.

What’s really interesting when you find somebody to help you with a new task is the time it takes to mesh your two worlds. I’m a software guy, a we’re looking for software people. I need to explain to the recruitment consultant not only what skills we’re looking for, but what phrases, when they appear on a LinkedIn page or CV[1], are actually red flags. In terms of phrases we’re looking for (or are nice to haves), I’d already mentioned “open source” to the recruitment consultant, but it was only on looking over some possible candidates that I realised that “FOSS” should be in there, too. A person whose current role is “Tech lead” is much more likely to be a fit than “Technical manager”. What’s the difference between a “cloud architect” and a “systems architect”? Is “Assembly” different to “WebAssembly” (yes! – oh, and the latter is sometimes shortened to “Wasm”).

There are, of course, recruitment consultants who specialise in particular technical fields, but what we’re doing (see the Enarx project) is so specialised and so new that I really don’t think that there are likely to be any specialist recruiters anywhere in the world (yet).

So, I feel lucky that I’ve managed to find someone who seems to get not only where we’re coming from as a company, but also the sorts of people we’re looking for. He wisely suggested that we spend some time going over some possible candidates so he could watch me identifying people who were a definite “no” – as useful for him as a definite “must interview”. Hopefully we’ll start to find some really strong candidates soon. If you think you might be one of them, please get in touch!

(Oh – and yes, I’ve invited him to meet my family.)

1 – that’s “resume” for our US friends.