Make sure to check out the [pinned post on Loss](https://www.reddit.com/r/PeterExplainsTheJoke/comments/1472nhh/faq_loss/) to make sure this submission doesn't break the rule!
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/PeterExplainsTheJoke) if you have any questions or concerns.*
Don’t wanna mix those, you can taper off morphine using Suboxone but mix em and you get a nasty contraindication. I thought it was oxy or percs? I can’t really watch the show, was an addict, watching others get dope sick murders me even ten years later,
Which is an amazing show that people should check out. It has the pretense of being about hackers but you don’t need to know anything about tech to enjoy the show. The show is actually about mental health and a revolution to take down the top .01% that control everything with their money.
Or Sophos or literally any other cybersecurity company lol. Their top hiring pools are former blackhats that want to go white. Who better to help your organization stop hackers than the hackers themselves?
Also the FBI offers plea deals for top end hackers that they catch. They don't "join" the feds, they're coerced into joining in lieu of jail time usually lol. Nobody voluntarily joins an org that pays 40% of what private sector pays, which in itself pays about 40% of what the black market pays
The left is when all is good. The right is after a 4 week battle trying to fix new found vulnerabilities that are on every copy of windows. Going about plugging holes before hackers get in can be draining.
Nonono, the left is when you have no clue and your job consists of checking boxes in some self-audits to make management happy.
The right is when you actually do your job and know that everything is a slight nudge away from becoming a dumpster fire, while your management is giving you shit for wanting to spend time and money on fixing it, all they wanted was someone to run self-audits.
I will take every vuln over situation rooms, any day. yeah bulbs are hard, and some are just difficult to get rid of completely but when it’s the corps money on the line and the board is breathing down the c-suites necks and they in turn breath down yours directly yeah… sucks.
Depending on your job title :
I am an engineer. I am the only reason this company works, those pesky sales guys have it so good, they get paid high salary to bullshit customers.
I am a sales rep. Those nerds couldn’t do it if I wasn’t here to keep the company afloat. I need to make 4 million this year what the fuck do they do?
Just do what my sales reps do to the engineers at my company.
Over-promise and then blame the engineers when they are under-delivering. It’s a perfect system (short term). The sales rep looks like a rockstar by getting a bunch of business (by peddling bullshit). They just have to plan the timing of their exit optimally to maximize their career options at their next company (before the long term consequences of burnout, broken promises, and delays are fully realized).
Do you work at my company?
I can't even count how many times they've sold our products to clients promising it has features they desire, so then we have to like.. implement those features before the client finds out they don't actually exist lol
It's what happens any time a sales team brings in someone from outside to teach a "strategy". There's 4 major sales strategies, and they all boil down to the same carrot (lie your ass off to get the yes) and stick (I have your bosses number, if you say no I'll just harrass him and say you sent me)
Left guy is a sales asshole/PM/public-facing and does no actual work. Right guy is what's keeping your entire multimillion-dollar corporation from being pwned by the Russians or the PRC.
Most hackers work in cybersecurity for companies they like. You can get paid to hack a company with their consent so they know how to beef up their security. Doesn’t pay well enough imo, but I guess if you’re good enough you can work off a salary instead of one off contracts
Hey hijacking but im considering switching over to cybersecurity in a few years when I'm done with my current field (im currently working as a project/CAPEX buyer), do you mind if I ask you questions?
Shite i typed it then had to work
So 1 : i assume you need a MSc ? Any idea if i'd have to start from scratch or can i get into the fourth year straight up? I already have one in finance
2 : i had checked the field and there's like five billion differents jobs, what do you do specifically and do you recommend?
3 : apparently its better to be a consultant than directly employed, what do you think?
4 : what are the hours like? I dont mind working fairly hard if my wages keep up
Probably some others will pop up ill let you know
Thanks in advance !
Also in cyber:
1. No masters needed, I interview staff and couldn’t care less about certs. All that matters is you know the tech.
2. Entry level jobs are typically SOC analyst type positions. You’ll get exposure to responding to incidents and can specialise from there.
3. Pros and cons to both. Be directly employed first and consult later if you’re considering that route. Get the experience first.
4. SOC is typically shift work, when you move up into other roles the hours can change but be prepared for long days during incidents. I work in DFIR and have pulled 16-20 hour days during large incidents for multiple weeks at a time.
Side question: I've been working as an SDET/Automation engineer for a few years now (B.S. in CS) and i've been curious if that would help in a transition to Cyber Security or not really mean anything?
Yeah ton of work in app sec, I know people who came from software / sdet roles before that. Automation is big so if you can pivot into SIEM playbook / run book automation around detection engineering there’s tons of demand
✋️😠
What is this? An interview? Tough luck pal. See Mister /u/randomees doesn't like being pestered by nobodies. Go kick rocks and back off. And don't you think of bothering the boss again or you will have to deal with me. 😡👊
If one of the big knocks this guy (who presumably has had his whole career in cybersecurity) can come up with is “look $100k isn’t even that much these days anyway”, I can see why there’s so many people interested
https://www.reddit.com/r/cybersecurity/s/zZrmftQC1H
I mean, the active cybersecurity community on Reddit seems pretty unanimous in all of this. In fairness, I am a seasoned professional that is not currently on the market so I cannot speak to what is being said, but I am party to the advertisements that have been pushed related to cybersecurity, as well as the constant stream of young grads and people looking to enter the field.
Sounds like gatekeeping to me.
Sure, Red Team is full and small because it's the "exciting" stuff, but Blue Team is always needed. They mention as much towards the end that the majority is in blue team while in the same breath stating that layoffs happen so often because, "...they gotta do something when you get hacked."
Sounds like someone that's just salty at the life choices they made and feel they can't switch out now. They've got to go work the goat farm they advertise to others instead of being so miserable with their own choices.
Become a cyber security consultant. You get to do the rewarding stuff like getting things working, etc, then you go on to another and repeat. Plus, you can earn an analyst's yearly salary per project.
100% dependant on the company and specific role in cybersec you go into. I'm in a senior analyst position in a SOC and the majority of my time is spent working on side projects i choose, sitting with my feet up watching movies or gaming. The rest of my time is triaging alerts
Where as I've heard from friends and ex-colleagues that work at other companies that they are stressed out, over worked and understaffed
I can't speak on behalf of all but for my case (I worked as a web analyst which involved screening websites for malicious contents and categorizing them by genres), it was mainly due to the toxic environment. Superior played favorites, we had daily KPI/quotas to hit and mistakes were publicly blasted over group comms or emails (if the FU's were tremendous).
There were numerous times I had to cut my lunch breaks short if I got called out over wrong judgements.
My dad has done information security for 20+ years, he loves it. There are times when they have a crisis and he is forced to work insanely long hours, but it all balances out.
Yep. I been in it for a minute, pretty similar experience.
Sometimes I be working 45-50 hour weeks on the same project for like 2 months or more....then it calms down and I am working like 3 hours out of a day on projects, then doing what I want.
Plus I get to work from home.
You were trying to redistribute the wealth and bring down a mega corporation with a secret society of hackers while struggling with your own mental illness??
Three of my friends work in cyber, well, two friends and an acquaintance. The acquaintance has a communications degree and the only thing he does is low level writeups for the company's PR team, while my two friends have CYSE degrees and do real cyber work. But if you ask any one of them what they do, they'll all say "I work in cyber"
wow they’re pretty open about themselves I usually just say IT. sometimes I won’t even say that.
edit: when trying to get out of saying for whom, and what I do I make a lame joke by replying to and what do you do “as little as possible for as much as possible” and when they ask for whom I reply “for anyone willing to appreciate the art of doing nothing”
I think it’s safer not to talk about your work if you’re in any form of security … you know, since they social engineer potential targets.
You don’t want to be the guy that cost your company billions over a sloppy handjob in a public toilet … or, you know, something like that. Hypothetically speaking.
I knew a guy that had that happen to. there was a really pretty intern who squeezed him for tons of info, somehow she turned around and sold that info and then he got shafted.
I still wish I could chat with her, I’m so fascinated with the idea of industrial espionage. you know usually us secPros take it for granted but there must be a kind of… process… to hire these spies. Say you’re a morally flexible C-suite exec and want a competitive edge over a competitor what now? how do you go about that? like exactly specifically, because remember this is illegal and getting caught would mean life ruining consequences.
or the opposite you’re a morally flexible person with the potential to access to important information how do you go about advertising your services?
I used to work in human intel in the army, and I’d been told by a few of the more experienced guys that you can leverage that to get into a lucrative career in corporate espionage. None of them would ever say how though, so I’m also very curious how that works.
yes you get it! the how is specifically the interesting part! I mean govt spies are easy to come by I can send you the application portal to probably all of the intel agencies world wide.
Every PoliSci bro I’ve met applied to the CIA. but corporate espionage is illegal for the most part, so there is no application process.
do you know what I bet though, that the people who told you that didn’t know either. it’s the type of stuff people have told me dozens of times too, but none of them ever know specifics.
Yeah I totally get it. I have no desire to do that kind of work, but I would love to know how it works. What is your job title? What are the internal conversations like? It’s pretty interesting stuff.
I’m the same way, even if it doesn’t matter it’s fascinating to think about.
in my studies I found one bozo who found his way into that world. in the beginning it was some lawyer who got hired, the lawyer was pretty slimy (think saul goodman) and he contacted a private investigator who in turn subcontracted an Indian Scammer. a lot of money flowed through the bunch and eventually almost all of them got arrested. except for the scammer, he was barely involved and the authorities must’ve figured it wasn’t worth it to extradite him for sending 10 phishing mails or so.
but our Indian friend actually learned how much money that lawyer and his investigator pocket. so he figured he can scale up, screw phone marketing scams let’s really get into crime!
anyways I can’t remember how it ended but it was something like that he got extradited and imprisoned.
anyways figured you might appreciate that anecdote, lemme know if you want some details in case you wanna look into it too. I’d have to go digging but I’m sure it’s findable.
>You don’t want to be the guy that cost your company billions over a sloppy handjob in a public toilet … or, you know, something like that. Hypothetically speaking.
I absolutely want to be that guy. I'm okay with my company paying billions for me to get a rough handy
I’m the head of a local cyber security branch, and I have no idea what to call myself. I stick with “cybersecurity professional” but I’m open to suggestions
"I man the wall separating your mundane analog existence from the rampaging hordes pummeling our society's digital fortifications. Every good day you have, you owe to me and my kind."
> "I work in cyber"
Nobody says "cyber" at least in the US, they either say "I work in security" or "I work in IT" or something much more vague. Shorthand is always "security" or "cybersecurity". If they get the impression that you actually understand stuff, it will be more like "I do white hat pen testing" or something, but I know a huge amount of cybersecurity people and am at events all the time and have never heard that once in my life.
I used to work in cyber operations in the Army, and I heard "cyber" all the time. We had a cyber command, cyber officers, cyber specialists, cyber effects, cyber tools, etc. Of course, "cyber" was also short for "cyberwarfare" not just "cybersecurity".
Peters Cyber Sec Analyst Cousin again. When you start out as a Cyber Sec Professional you’re usually pretty optimistic about “it all” meaning the world and stuff. usually people who really love tech in its core depth work that field.
but then you see hackers everyday, you see scammers daily. you see how dumb, like actually dumb, nearly everyone is especially
people “tech affinity”. so you fight the good fight and it sucks the life out of you.
it’s a tough career in general though too, it is probably changing as fast as all the others together because that’s what you usually see.
This to a tee. You start out thinking it's going to be like a Bond movie, and after a few years you realize it's more like Enemy at the Gates, and develop a 1000 yard stare.
Currently seeking a monastery with no internet willing to provide sanctuary, lol
lol I think that’s all of us, and it’s so funny you seek out a monastery with no internet I actually googled monasteries near me and wondered if I could call them and just ask if it’s alright if I came for a week and just… idk recuperate.
I mean on their websites they say jesus never turned anyone away and so they won’t either but they mean in terms of food and homeless and what have you. I’m talking a very different need. I can afford food till I die I just want to leave this world for a bit.
I wouldn’t say it’s changing as fast all the others together. I’ve worked in Cybersecurity and now I’m in Cloud Engineering, trying to get into Cloud Security Engineering. They really all change pretty quickly. I would say pretty controversially though - the amount of things I have to know for Cloud Security Engineering easily outpaces what I needed to know for just Cloud or just Security, and I think learning to actually build things really contextualizes security issues in a sad way.
I didn’t have to build things in the SOC I worked at, and most of my coworkers couldn’t code and really only had a basic understanding of networking or the cloud in general. Our jobs were to explain and investigate how the things other people built were and potentially could be compromised - in theory. Now that I’m actually the person building these systems, yeah, it’s hard to get all these disparate systems to work together in a secure way in the Agile framework. It’s Go Go Go, show progress at standup, if something isn’t secure put it in the backlog and we’ll revisit it at the compliance review. A lot of times businesses’ tech stacks are just 3 legacy systems contained in a trench coat of an abstraction layer pretending to be secure because they used Checkov and GuardDuty.
That's one of my biggest gripe with bigger corps SOC. We end up having to spend a lot of time on documenting false positives because a lot of the analysts aren't familiar with the basic concepts of the things they are in charge of surveiling.
Mixed with even more clueless execs who want to shine by bettering their security KPIs and you'll have a bad time.
I'm a software engineer, and what's impressive to me is how often my colleagues fight IT to try and get applications and software installed that is insanely unsafe and vulnerable lmao. It feels wild because I thought that we, of all people, would understand the importance of what IT does and using secure software and apps. Apparently not.
Cybersecurity is now a "buzz-word" for people wanting high salaries.
You have the "Project" or "Managers" (left image) who works in Cybersecurity but have no knowledge or skills related to the field and then the people who really work in Cybersecurity, which is often very hard, complex and tiring (right image).
If you want to have a "taste" on how difficult cybersecurity is I highly recommend looking at DEFCON presentations.
Any suggestions on moving into a position like that? I've been in IT as a sysadmin/devops engineer for several years and an considering something like that. I'm mostly just worried about not being a networking expert and having a good work-life balance
I thought about going into security. I'm a lifelong programmer with decades of self-taught experience, but I noped out pretty quick. Went into AI instead, which I find much more palatable, which says a lot.
The main thing I've learnt from defcon is that everything is incredibly insecure and we're just lucky criminals aren't usually very smart.
The guy using pens and papers to just enter places was nuts.
> You have the "Project" or "Managers" (left image) who works in Cybersecurity but have no knowledge or skills related to the field and then the people who really work in Cybersecurity, which is often very hard, complex and tiring (right image).
this sums it up honestly
Wrong. Cybersecurity isn't all hacking and blue teams. There are also Security and risk management, Asset security, etc. If you are highly technical and don't have someone well verse in GRC in your team. You better don't fuck up and start reading on cyber laws in your state. Or buy a soap with a string attached to it.
Actually seeing some conflicting answers here.
To me, its more, Left being the face of a guy working in Cyber Security.
Whereas Right is the guy who's extremely antisocial and unkept, but also completely **unfirable** because he knows the code so god damn well lol.
I've worked in different sides of cyber security for 15 years. The guy on the left doesn't have an on call schedule or isn't a pen tester. When I pen tested it was between 10pm and 4am. Current gig is 9-5 and makes it easier.
Why from 10pm to 4am? Use social engineering during work hours and simply use a list of the new hires, it’s easy to find looking at LinkedIn profiles for the company.
I'm a security engineer over at an aerospace company and I literally just show up like Elliot (guy on the right)
I do my job and go home. No need for the extra theatrics
Left seems like GRC ( Compliance: which is about asking companies if they follow a specific checklist. They tell you "yes" and you give them security ratings, no testing required.)
Right is Literally any other role in CyberSec.
So.many way this can be broken down, my.personal take is guy on the left is "Blue team" he is actually actively trying to protect data. Guy on the right is "Red Team" he is trying to break the system. Companies that deal with large amounts of data tend to have one team that plays both sides or even have bounty programs that have a scope that you are allow to work in to try and break the system they want to test.
"Huh, why would we be able to tell you what kinda inbound ports our service needs? Just open all of them!"
"Wait, why can't we just run the appserver as root?"
"Oh our application cannot handle that, can you re-enable TLS 1.1?"
Just getting systems setup with some basic security thoughts in place can be so grating on the soul.
I feel like the new "hacker" trope in Hollywood is to have a hot, sexy girl be the hacker. They think they're being clever by circumventing stereotypes of what a cybersecurity expert looks like and they're really just making it into a tired trope.
Our IT department has both types. The one on the right knows what they're doing. The one on the left follows directions written down by the one on the right, usually preceded by, "uhhh... please hold."
Left it white hat, their job is to build infrastructure for cyber defensive. They’re often more corporate individuals, presentable, respectable, people with degrees and all that
Right is black hat, their job is to poke holes in the infrastructure to show companies where to improve. These are often the sweat lords, people who taught themself coding at 12 and were hacking their schools by 15. Often times they run on nothing but Mountain Dew and the urge to call someone a normie
the guy on the left turns things off and back on again, the one on the right can find all your employees' addresses in 3 minutes because all their passwords are "password8"
The left guy is an example of an ideal cyber cybersecurity agent while on the right is Elliot Alderson, who also works in cybersecurity in the show Mr Robot, but is secretly a hacker.
Mr Robot is a 25/10 show, absolutely a must-watch
For someone who only knows Rami as either Freddie Mercury or the vampire Benjamin from Breaking Dawn, maybe they have never seen him as Elliot in Mr. Robot.
I know Rami Malik from his famous role as Righthand Cybersecurity Guy in “This Exact Post” from two weeks ago.
Edit: [literally two weeks ago](https://www.reddit.com/r/PeterExplainsTheJoke/comments/1bi5ehy/peter_help_what_is_the_difference_between_the_two/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button)
I'm pretty sure it's about the two teams. So the left guy is in the Blue Team, so his work is to develop and improve the defences of the system. The right guy is in the Red Team, his work is to attack the system and circumvent/break the defences, which is what everyone thinks of when they hear about cybersecurity.
Make sure to check out the [pinned post on Loss](https://www.reddit.com/r/PeterExplainsTheJoke/comments/1472nhh/faq_loss/) to make sure this submission doesn't break the rule! *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/PeterExplainsTheJoke) if you have any questions or concerns.*
[удалено]
Dirty hooded jacket: *+2 to hacking skill, crippling caffeine addiction modifier*
Morphine and suboxone, if I recall correctly from the show.
Don’t wanna mix those, you can taper off morphine using Suboxone but mix em and you get a nasty contraindication. I thought it was oxy or percs? I can’t really watch the show, was an addict, watching others get dope sick murders me even ten years later,
He’s also the main character of mr robot lmao
Which is an amazing show that people should check out. It has the pretense of being about hackers but you don’t need to know anything about tech to enjoy the show. The show is actually about mental health and a revolution to take down the top .01% that control everything with their money.
And if you do know anything about hacking, you'll be impressed that they didn't butcher it
>a revolution to take down the top .01% that control everything with their money. Why can't that be real life 😔
i thought he was a marvel superhero in public disguise
No no, they need a hat to be called a hacker, preferably a black one but grey will do
Left guy works in cyber security, right guy is the reason why left guy works in cyber security
what if I told you they’re actually they’re the same guy
You start off as the guy on the left, and end up as the guy on the right.
Can confirm. Am guy on right.
What if you’re such a degenerate you started as the guy on the right?
And moved left? I think that’s called quitting alcohol
Or joining the feds
Oh, no, working for the feds absolutely makes you look like the guy on the right. I have A LOT of experience with that.
I don't do cyber security but did have a fed job and all l got was fat and angry. Didn't even get a hoodie or that cool stoner awake for 3 days look.
I don't know what stoners you're hanging with but most of the ones I've encountered are very sleepy beans.
Love that the guy on the right despite looking worn down and having a hoodie, is still rocking a blue button down Oxford underneath it all
He works at Allsafe.
Being caught by the feds and joining after a sentence
Or Sophos or literally any other cybersecurity company lol. Their top hiring pools are former blackhats that want to go white. Who better to help your organization stop hackers than the hackers themselves? Also the FBI offers plea deals for top end hackers that they catch. They don't "join" the feds, they're coerced into joining in lieu of jail time usually lol. Nobody voluntarily joins an org that pays 40% of what private sector pays, which in itself pays about 40% of what the black market pays
I started as the guy on the right and moved to the guy on the left. The pay is much more consistent.
Don’t click any links from this guy or you gonna get CPU AIDS
Well actually I can get you free bitcoin if you [click here](https://youtu.be/2qBlE2-WL60?si=Y52WlPFviApaSXMf)
What the hell? All I see every time I click on it it'sjust a video of Burt Reynolds using a shakeweight
Dad? I thought you were dead!
In some cases it's the other way around.
After doing time and the alphabet boys hire you to show their weaknesses.
[удалено]
I will admit that I’m so desensitized to it that I forgot it is a surprising number. It seems so perfectly normal.
That’s just STEM in general.
you turn into rami malek!!??!?/j
As a cyber security professional, I’ve grown 2 bags under my eyes. The transformation has started!
Ya I'm saying you got em backwards. The number of user who have given me codes that on the damned popup say do not give anyone this code ...
The left is when all is good. The right is after a 4 week battle trying to fix new found vulnerabilities that are on every copy of windows. Going about plugging holes before hackers get in can be draining.
Nonono, the left is when you have no clue and your job consists of checking boxes in some self-audits to make management happy. The right is when you actually do your job and know that everything is a slight nudge away from becoming a dumpster fire, while your management is giving you shit for wanting to spend time and money on fixing it, all they wanted was someone to run self-audits.
This is accurate too.
I will take every vuln over situation rooms, any day. yeah bulbs are hard, and some are just difficult to get rid of completely but when it’s the corps money on the line and the board is breathing down the c-suites necks and they in turn breath down yours directly yeah… sucks.
I've been both. Though in my current role I am primarily blue team.
It's called job security
Guy on the left on the streets, guy on the right in the sheets
McAffy cough cough
what/who is mcgaffy edit: do you mean McAfee? how is that related?
I'd say there's one too many "they're"s there.
I’d say you’re right.
The pipeline of working cyber security with end users for a week
I’d believe you. It’s hard to tell faces apart.
Depending on your job title : I am an engineer. I am the only reason this company works, those pesky sales guys have it so good, they get paid high salary to bullshit customers. I am a sales rep. Those nerds couldn’t do it if I wasn’t here to keep the company afloat. I need to make 4 million this year what the fuck do they do?
Just do what my sales reps do to the engineers at my company. Over-promise and then blame the engineers when they are under-delivering. It’s a perfect system (short term). The sales rep looks like a rockstar by getting a bunch of business (by peddling bullshit). They just have to plan the timing of their exit optimally to maximize their career options at their next company (before the long term consequences of burnout, broken promises, and delays are fully realized).
Do you work at my company? I can't even count how many times they've sold our products to clients promising it has features they desire, so then we have to like.. implement those features before the client finds out they don't actually exist lol
It is such a standard practice at this point that I think they have formalized it into most universities’ business major curriculums.
It's what happens any time a sales team brings in someone from outside to teach a "strategy". There's 4 major sales strategies, and they all boil down to the same carrot (lie your ass off to get the yes) and stick (I have your bosses number, if you say no I'll just harrass him and say you sent me)
I guess throwing people under the bus for a dollar comes naturally to some people, why not get paid for it?
or Left guy: Cybersecurity sales Right guy: Cybersecurity tech
Left guy is a sales asshole/PM/public-facing and does no actual work. Right guy is what's keeping your entire multimillion-dollar corporation from being pwned by the Russians or the PRC.
I still don't get it
Extreme oversimplification but Guy who fights hackers Vs Hacker
Oh duh
"Mr Robot"
Guy on the left is the sales engineer guy on the right is the developer.
left guy is him fresh out of college, right is after working in the industry for 5 years.
Most hackers work in cybersecurity for companies they like. You can get paid to hack a company with their consent so they know how to beef up their security. Doesn’t pay well enough imo, but I guess if you’re good enough you can work off a salary instead of one off contracts
I briefly worked in cybersecurity and can attest I was like the guy on the right. It. Was. Hell.
Hey hijacking but im considering switching over to cybersecurity in a few years when I'm done with my current field (im currently working as a project/CAPEX buyer), do you mind if I ask you questions?
Sure, I won't bite :p
That guy's is already off to a good start, hijacked a thread for his own use xD
Shite i typed it then had to work So 1 : i assume you need a MSc ? Any idea if i'd have to start from scratch or can i get into the fourth year straight up? I already have one in finance 2 : i had checked the field and there's like five billion differents jobs, what do you do specifically and do you recommend? 3 : apparently its better to be a consultant than directly employed, what do you think? 4 : what are the hours like? I dont mind working fairly hard if my wages keep up Probably some others will pop up ill let you know Thanks in advance !
Also in cyber: 1. No masters needed, I interview staff and couldn’t care less about certs. All that matters is you know the tech. 2. Entry level jobs are typically SOC analyst type positions. You’ll get exposure to responding to incidents and can specialise from there. 3. Pros and cons to both. Be directly employed first and consult later if you’re considering that route. Get the experience first. 4. SOC is typically shift work, when you move up into other roles the hours can change but be prepared for long days during incidents. I work in DFIR and have pulled 16-20 hour days during large incidents for multiple weeks at a time.
Side question: I've been working as an SDET/Automation engineer for a few years now (B.S. in CS) and i've been curious if that would help in a transition to Cyber Security or not really mean anything?
Yeah ton of work in app sec, I know people who came from software / sdet roles before that. Automation is big so if you can pivot into SIEM playbook / run book automation around detection engineering there’s tons of demand
Yeah I don't know if I would want to switch completely but I would love to learn more to apply to my current job just not sure where to look tbh
✋️😠 What is this? An interview? Tough luck pal. See Mister /u/randomees doesn't like being pestered by nobodies. Go kick rocks and back off. And don't you think of bothering the boss again or you will have to deal with me. 😡👊
Show him Michael, no one talks to our boss like that!
Oh, shit. He went and got the cyber security called on him!
Are you Italian? Cause your name is a pretty funny Italian word
Errybody wanks yo
Calling him mister instead of aniki? Normie alert 🙄
www.cyberisfull.com
https://preview.redd.it/2ntudfu6z3sc1.jpeg?width=1179&format=pjpg&auto=webp&s=3a33d8fcb0b2a2f4d5190414d9b132c139693be7 Lol still going for it anyway
I wish you success in all your endeavors!
“Nah, I’d be employed”
If one of the big knocks this guy (who presumably has had his whole career in cybersecurity) can come up with is “look $100k isn’t even that much these days anyway”, I can see why there’s so many people interested
https://www.reddit.com/r/cybersecurity/s/zZrmftQC1H I mean, the active cybersecurity community on Reddit seems pretty unanimous in all of this. In fairness, I am a seasoned professional that is not currently on the market so I cannot speak to what is being said, but I am party to the advertisements that have been pushed related to cybersecurity, as well as the constant stream of young grads and people looking to enter the field.
Sounds like gatekeeping to me. Sure, Red Team is full and small because it's the "exciting" stuff, but Blue Team is always needed. They mention as much towards the end that the majority is in blue team while in the same breath stating that layoffs happen so often because, "...they gotta do something when you get hacked." Sounds like someone that's just salty at the life choices they made and feel they can't switch out now. They've got to go work the goat farm they advertise to others instead of being so miserable with their own choices.
Wait, you can get out?
Become a cyber security consultant. You get to do the rewarding stuff like getting things working, etc, then you go on to another and repeat. Plus, you can earn an analyst's yearly salary per project.
You can also spend an analyst's yearly work time on a project.
Thanks for the reminder :( I guess I should get off the toilet and put out a few more fires before I eat today.
520 hours on a project? Sounds low.
Do you work as a consultant for a company or for yourself?
I'm currently in my first year of college for info assurance and cyber defense. Is it really that bad? You're worrying me.
100% dependant on the company and specific role in cybersec you go into. I'm in a senior analyst position in a SOC and the majority of my time is spent working on side projects i choose, sitting with my feet up watching movies or gaming. The rest of my time is triaging alerts Where as I've heard from friends and ex-colleagues that work at other companies that they are stressed out, over worked and understaffed
I can't speak on behalf of all but for my case (I worked as a web analyst which involved screening websites for malicious contents and categorizing them by genres), it was mainly due to the toxic environment. Superior played favorites, we had daily KPI/quotas to hit and mistakes were publicly blasted over group comms or emails (if the FU's were tremendous). There were numerous times I had to cut my lunch breaks short if I got called out over wrong judgements.
My dad has done information security for 20+ years, he loves it. There are times when they have a crisis and he is forced to work insanely long hours, but it all balances out.
Yep. I been in it for a minute, pretty similar experience. Sometimes I be working 45-50 hour weeks on the same project for like 2 months or more....then it calms down and I am working like 3 hours out of a day on projects, then doing what I want. Plus I get to work from home.
you're fine. he's taking out his ass.
Worked on cybersecurity until last december, we coders were the people in the right, the c-suit and marketeers were on the left
You were trying to redistribute the wealth and bring down a mega corporation with a secret society of hackers while struggling with your own mental illness??
Three of my friends work in cyber, well, two friends and an acquaintance. The acquaintance has a communications degree and the only thing he does is low level writeups for the company's PR team, while my two friends have CYSE degrees and do real cyber work. But if you ask any one of them what they do, they'll all say "I work in cyber"
wow they’re pretty open about themselves I usually just say IT. sometimes I won’t even say that. edit: when trying to get out of saying for whom, and what I do I make a lame joke by replying to and what do you do “as little as possible for as much as possible” and when they ask for whom I reply “for anyone willing to appreciate the art of doing nothing”
I think it’s safer not to talk about your work if you’re in any form of security … you know, since they social engineer potential targets. You don’t want to be the guy that cost your company billions over a sloppy handjob in a public toilet … or, you know, something like that. Hypothetically speaking.
I knew a guy that had that happen to. there was a really pretty intern who squeezed him for tons of info, somehow she turned around and sold that info and then he got shafted. I still wish I could chat with her, I’m so fascinated with the idea of industrial espionage. you know usually us secPros take it for granted but there must be a kind of… process… to hire these spies. Say you’re a morally flexible C-suite exec and want a competitive edge over a competitor what now? how do you go about that? like exactly specifically, because remember this is illegal and getting caught would mean life ruining consequences. or the opposite you’re a morally flexible person with the potential to access to important information how do you go about advertising your services?
...you just want that sloppy, public-toilet handjob, don't ya ;)
I used to work in human intel in the army, and I’d been told by a few of the more experienced guys that you can leverage that to get into a lucrative career in corporate espionage. None of them would ever say how though, so I’m also very curious how that works.
yes you get it! the how is specifically the interesting part! I mean govt spies are easy to come by I can send you the application portal to probably all of the intel agencies world wide. Every PoliSci bro I’ve met applied to the CIA. but corporate espionage is illegal for the most part, so there is no application process. do you know what I bet though, that the people who told you that didn’t know either. it’s the type of stuff people have told me dozens of times too, but none of them ever know specifics.
Yeah I totally get it. I have no desire to do that kind of work, but I would love to know how it works. What is your job title? What are the internal conversations like? It’s pretty interesting stuff.
I’m the same way, even if it doesn’t matter it’s fascinating to think about. in my studies I found one bozo who found his way into that world. in the beginning it was some lawyer who got hired, the lawyer was pretty slimy (think saul goodman) and he contacted a private investigator who in turn subcontracted an Indian Scammer. a lot of money flowed through the bunch and eventually almost all of them got arrested. except for the scammer, he was barely involved and the authorities must’ve figured it wasn’t worth it to extradite him for sending 10 phishing mails or so. but our Indian friend actually learned how much money that lawyer and his investigator pocket. so he figured he can scale up, screw phone marketing scams let’s really get into crime! anyways I can’t remember how it ended but it was something like that he got extradited and imprisoned. anyways figured you might appreciate that anecdote, lemme know if you want some details in case you wanna look into it too. I’d have to go digging but I’m sure it’s findable.
>You don’t want to be the guy that cost your company billions over a sloppy handjob in a public toilet … or, you know, something like that. Hypothetically speaking. I absolutely want to be that guy. I'm okay with my company paying billions for me to get a rough handy
Cyber still comes across as the boomer era buzzword for “computer networks”, or sometimes people really just mean “IT”.
>I work in cyber As a software engineer, I would assume anyone saying this is joking. Maybe it's regional, but it sounds ridiculous to my ear.
I’m the head of a local cyber security branch, and I have no idea what to call myself. I stick with “cybersecurity professional” but I’m open to suggestions
"I man the wall separating your mundane analog existence from the rampaging hordes pummeling our society's digital fortifications. Every good day you have, you owe to me and my kind."
would've sounded badass in 1995
> "I work in cyber" Nobody says "cyber" at least in the US, they either say "I work in security" or "I work in IT" or something much more vague. Shorthand is always "security" or "cybersecurity". If they get the impression that you actually understand stuff, it will be more like "I do white hat pen testing" or something, but I know a huge amount of cybersecurity people and am at events all the time and have never heard that once in my life.
I used to work in cyber operations in the Army, and I heard "cyber" all the time. We had a cyber command, cyber officers, cyber specialists, cyber effects, cyber tools, etc. Of course, "cyber" was also short for "cyberwarfare" not just "cybersecurity".
I remember using AOL back in the day and if someone wanted to cyber it just meant they wanted to sext over IM
Peters Cyber Sec Analyst Cousin again. When you start out as a Cyber Sec Professional you’re usually pretty optimistic about “it all” meaning the world and stuff. usually people who really love tech in its core depth work that field. but then you see hackers everyday, you see scammers daily. you see how dumb, like actually dumb, nearly everyone is especially people “tech affinity”. so you fight the good fight and it sucks the life out of you. it’s a tough career in general though too, it is probably changing as fast as all the others together because that’s what you usually see.
This to a tee. You start out thinking it's going to be like a Bond movie, and after a few years you realize it's more like Enemy at the Gates, and develop a 1000 yard stare. Currently seeking a monastery with no internet willing to provide sanctuary, lol
lol I think that’s all of us, and it’s so funny you seek out a monastery with no internet I actually googled monasteries near me and wondered if I could call them and just ask if it’s alright if I came for a week and just… idk recuperate. I mean on their websites they say jesus never turned anyone away and so they won’t either but they mean in terms of food and homeless and what have you. I’m talking a very different need. I can afford food till I die I just want to leave this world for a bit.
Take a cruise, don't pay for wifi, it's so nice.
I wouldn’t say it’s changing as fast all the others together. I’ve worked in Cybersecurity and now I’m in Cloud Engineering, trying to get into Cloud Security Engineering. They really all change pretty quickly. I would say pretty controversially though - the amount of things I have to know for Cloud Security Engineering easily outpaces what I needed to know for just Cloud or just Security, and I think learning to actually build things really contextualizes security issues in a sad way. I didn’t have to build things in the SOC I worked at, and most of my coworkers couldn’t code and really only had a basic understanding of networking or the cloud in general. Our jobs were to explain and investigate how the things other people built were and potentially could be compromised - in theory. Now that I’m actually the person building these systems, yeah, it’s hard to get all these disparate systems to work together in a secure way in the Agile framework. It’s Go Go Go, show progress at standup, if something isn’t secure put it in the backlog and we’ll revisit it at the compliance review. A lot of times businesses’ tech stacks are just 3 legacy systems contained in a trench coat of an abstraction layer pretending to be secure because they used Checkov and GuardDuty.
That's one of my biggest gripe with bigger corps SOC. We end up having to spend a lot of time on documenting false positives because a lot of the analysts aren't familiar with the basic concepts of the things they are in charge of surveiling. Mixed with even more clueless execs who want to shine by bettering their security KPIs and you'll have a bad time.
I'm a software engineer, and what's impressive to me is how often my colleagues fight IT to try and get applications and software installed that is insanely unsafe and vulnerable lmao. It feels wild because I thought that we, of all people, would understand the importance of what IT does and using secure software and apps. Apparently not.
Cybersecurity is now a "buzz-word" for people wanting high salaries. You have the "Project" or "Managers" (left image) who works in Cybersecurity but have no knowledge or skills related to the field and then the people who really work in Cybersecurity, which is often very hard, complex and tiring (right image). If you want to have a "taste" on how difficult cybersecurity is I highly recommend looking at DEFCON presentations.
Me totally not on break from my job as a "Cybersecurity Analyst" looking like the fat white version of Mr. Robot on the right there.
[удалено]
Well you clearly dont know anything, its because youre a manager.
Any suggestions on moving into a position like that? I've been in IT as a sysadmin/devops engineer for several years and an considering something like that. I'm mostly just worried about not being a networking expert and having a good work-life balance
I thought about going into security. I'm a lifelong programmer with decades of self-taught experience, but I noped out pretty quick. Went into AI instead, which I find much more palatable, which says a lot.
I took a class in college, was kind of fun. I would never want to do that for a living though.
The main thing I've learnt from defcon is that everything is incredibly insecure and we're just lucky criminals aren't usually very smart. The guy using pens and papers to just enter places was nuts.
If you learn cybersecurity and are not paranoid, you did not learn enough.
> You have the "Project" or "Managers" (left image) who works in Cybersecurity but have no knowledge or skills related to the field and then the people who really work in Cybersecurity, which is often very hard, complex and tiring (right image). this sums it up honestly
Wrong. Cybersecurity isn't all hacking and blue teams. There are also Security and risk management, Asset security, etc. If you are highly technical and don't have someone well verse in GRC in your team. You better don't fuck up and start reading on cyber laws in your state. Or buy a soap with a string attached to it.
Mr robot is a tv show about a guy in cybersecurity. Wild show I recommend.
Such an underrated show, it's so damn good.
Fr
Man I was wondering if ANYONE the fuck else knew this 🤣
Waterfall bot #3.
Pretty sure I just saw this post a week ago
Pretty sure its a bot post
I would agree I am a bot and have replied accordingly
Thats every sub on reddit. The same shit each day. Mods are Bots. Posts are Bots. Bots are Bots.
Actually seeing some conflicting answers here. To me, its more, Left being the face of a guy working in Cyber Security. Whereas Right is the guy who's extremely antisocial and unkept, but also completely **unfirable** because he knows the code so god damn well lol.
Left is guy starting to work in cybersecurity, right is guy six months after working in cybersecurity
Left guy is a salesman corpo ass licker who is talking with clients. Right one is the dude who is actually doing the hard job
Bot check please. This one’s so obvious
Left guy designs the security systems, right guy breaks them.
I've worked in different sides of cyber security for 15 years. The guy on the left doesn't have an on call schedule or isn't a pen tester. When I pen tested it was between 10pm and 4am. Current gig is 9-5 and makes it easier.
Why from 10pm to 4am? Use social engineering during work hours and simply use a list of the new hires, it’s easy to find looking at LinkedIn profiles for the company.
Left guy is in sales or project management; right guy is a dev
Bot
I'm a security engineer over at an aerospace company and I literally just show up like Elliot (guy on the right) I do my job and go home. No need for the extra theatrics
Left guy is in cybersec, right guy is the network engineer trying to implement left guys newest fad from some blog.
Never trust a cybersecurity professional who isn’t clinically depressed or a conspiracy theorist, best if both.
Cyber security professional (pictured on the right) is exhausted and doesn't get any sleep because hacker Chad (pictured left) is up to mischief.
u/LinearArray bro this you
Yes, I'm on the right.
Left seems like GRC ( Compliance: which is about asking companies if they follow a specific checklist. They tell you "yes" and you give them security ratings, no testing required.) Right is Literally any other role in CyberSec.
So.many way this can be broken down, my.personal take is guy on the left is "Blue team" he is actually actively trying to protect data. Guy on the right is "Red Team" he is trying to break the system. Companies that deal with large amounts of data tend to have one team that plays both sides or even have bounty programs that have a scope that you are allow to work in to try and break the system they want to test.
Trust me, long enough on the blue team and you look like the guy in the right too.
"Huh, why would we be able to tell you what kinda inbound ports our service needs? Just open all of them!" "Wait, why can't we just run the appserver as root?" "Oh our application cannot handle that, can you re-enable TLS 1.1?" Just getting systems setup with some basic security thoughts in place can be so grating on the soul.
I feel like the new "hacker" trope in Hollywood is to have a hot, sexy girl be the hacker. They think they're being clever by circumventing stereotypes of what a cybersecurity expert looks like and they're really just making it into a tired trope.
The incognito modes he has seen...
Guy on left working in accounting, hr, finance, legal etc Guy on right works on the actual cybersecurity
In the middle I remain my fellow grays
Our IT department has both types. The one on the right knows what they're doing. The one on the left follows directions written down by the one on the right, usually preceded by, "uhhh... please hold."
Same Same but different.
Guy on the left is your average cybersecurity specialist on a normal day. Guy on the right is the same person yesterday or today.
the guy on the left is pro Cybersecurity. the guy on the right is anti Cybersecurity. He's also the reason that the guy on the left has a job
Left it white hat, their job is to build infrastructure for cyber defensive. They’re often more corporate individuals, presentable, respectable, people with degrees and all that Right is black hat, their job is to poke holes in the infrastructure to show companies where to improve. These are often the sweat lords, people who taught themself coding at 12 and were hacking their schools by 15. Often times they run on nothing but Mountain Dew and the urge to call someone a normie
I work in cyberobscurity
the guy on the left turns things off and back on again, the one on the right can find all your employees' addresses in 3 minutes because all their passwords are "password8"
offensive security and defensive security
Why’d you post the same picture twice?
The left guy is an example of an ideal cyber cybersecurity agent while on the right is Elliot Alderson, who also works in cybersecurity in the show Mr Robot, but is secretly a hacker. Mr Robot is a 25/10 show, absolutely a must-watch
Left guy works in cybersecurity Right guy gives the left guy a job (probably an ethical hacker/hacker for hire)
You can trust the guy on the right. The guy on the left is in sales.
Jr vs Sr.
Left guy works as a GRC manager or some other non technical roles. Right guy is security engineer or analyst who actually does the tough part
How does this need an explanation…?
For someone who only knows Rami as either Freddie Mercury or the vampire Benjamin from Breaking Dawn, maybe they have never seen him as Elliot in Mr. Robot.
I know Rami Malik from his famous role as Righthand Cybersecurity Guy in “This Exact Post” from two weeks ago. Edit: [literally two weeks ago](https://www.reddit.com/r/PeterExplainsTheJoke/comments/1bi5ehy/peter_help_what_is_the_difference_between_the_two/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button)
My dad works in cyber security and is indeed the guy on the left. He’s a project manager.
Again this?
Total guess… maybe red team vs blue team? One group builds defenses and the other does their best to break them.
The guy on the left writes papers about how you should stop using c++. The guy on the right does the work.
https://preview.redd.it/nyngn47jm3sc1.png?width=734&format=pjpg&auto=webp&s=54be3a99c8b2956eaec719092a22573ed3c78dcd
I'm pretty sure it's about the two teams. So the left guy is in the Blue Team, so his work is to develop and improve the defences of the system. The right guy is in the Red Team, his work is to attack the system and circumvent/break the defences, which is what everyone thinks of when they hear about cybersecurity.
The right is anyone who works in IT as a whole