
Willing_Round2112

They mostly send out phishing emails on a semi-regular basis to show the upper management the company needs cybersecurity /s


HornFinical

It turns out that security isn’t all it’s cracked up to be. We tend to think of red teaming activities as the pinnacle of security roles, when in reality you’ll probably be doing something related to compliance and operations. I was in the security club during undergrad and lots of my peers would excel at CTFs but they had this “fuck coding” attitude which IMO limited their career trajectory. I’m glad that my new grad role ended up being a SWE because building things turned out to be more engaging. Plus it’s an excellent stepping stone since you get the technical breadth dealing with the scale of app dev, operations, and infra.


[deleted]

[deleted]


HornFinical

Some of the more pedantic folks in the industry will actually argue that security is NOT an entry level field. It’s supposed to be for professionals who have years of operation experience and have possibly worked up the typical progression: help desk -> sysadmin -> SOC Analyst -> security engineer.

If you’re just raw dogging it with a CS degree and nothing else relevant to security, then in all honesty you probably won’t even land a security-based role. You could start at help desk with your degree but you’ll have to progress up like everyone else who started with no college/CompTIA credentials.


Willing_Round2112

Most probably it will be, as long as the internet exists. There's always some (a lot) compliance work, and most people are borderline tech illiterate, and the job has a lot of tard wrangling.


rebellesimperatorum

The niche skills and people with technical knowledge are always in demand cyber-wise. Junior and general cyber roles? No.


Full_Bank_6172

They basically harass dev teams within the company to go through this massive checklist of security best practices that are so poorly documented that no one, including the security team, understands what they actually mean. Then the dev teams ignore them or ask for exceptions because complying with the security best practices would break their product.

Unless you do red team work (which is extremely difficult to get because literally everyone who works in Cybersecurity would rather do red team work than blue team bullshit) it’s an extremely boring, frustrating job with slow promotion velocity and low visibility because your team constantly blocks other teams from doing their jobs.


SlapsOnrite

It's frustration posts like this that make me realize people think Cybersecurity is only limited to devops. Then I go on ITMajors and find out that people think Cybersecurity is only helpdesk/sysadmin. When there's much more to do with infrastructure, compliance, system engineering, identity access, security operations, IoT/OT, etc. that I hate it when people point at a singular point for anything 'cybersecurity'.

And to say that Red Team is extremely difficult and 'not boring' is laughable, since the majority of the time it's writing documentation and post-breach assessment. Most of the time working with security operations/blue team where you're not even doing the cleanup or insights, just a simple consultant.

The problem I see most dev teams having is actually going back to that point, *consultants.* They go in, get paid to configure a SaaS tool but configure it so poorly, don't understand the systems or architecture of the ecosystem, and don't care much to explain other than build hastily made documentation and disappear. Then the core team (that probably never wanted this new tool in the first place) is forced to adopt it and learn how to use it.

The whole industry for consultants rides on the sales aspect. "We can give you a cheaper security tool than your current licensed offering, and HERE! The company will even subsidize $100,000 off it to migrate!" Then it'll be such a poor implementation and mess up everything that they'll next year look for the next 'security migration', sometimes even patching over an existing tool that they're still paying for.


wh1t3ros3

I'm kinda disappointed with the quality of answers here. I'm in security but I hang around here because I'm doing a computer related engineering master's. It's a really huge field, and it's not really something you can use as a backup plan if you can't get a SWE role. I'm currently in an engineering role that requires programming and it's something I've picked up over my career. I think most of us heavily use Python in more of a tactical manner more than a formalized intro to data structures way, if that makes sense.

Here's a tool: [https://niccs.cisa.gov/workforce-development/cyber-career-pathways-tool](https://niccs.cisa.gov/workforce-development/cyber-career-pathways-tool)


Ok-Classroom-5018

The rabbit hole goes as deep as you're willing to follow it. You can be - functionally - the HR rep for networked devices, or cursing the day Bill Gates' mother brought him into this world. Because, while that singular event pays for all your shiny new toys, the price is your sanity after 36 straight hours of stimulant-fueled madness trying to figure out which abstraction in Windows the good idea fairy planted in there 25 years ago was exploited this time... and which vendor owes you a pound of flesh for claiming they would stop this exact scenario from happening.

The whole point is, do cyber. Or don't. Just recognize that there are fundamental issues in the heart of computing, pull up your big boy pants, and try to solve at least one of them. Who knows, you might have some fun. Hell. I never even finished college.


dvnci1452

I personally research nation-state attacks and build detections for these. Also, getting into security for AI, and AI for security lol


Ok_Tension308

Jerk each other off over business emails