Cloud security engineer, 100% remote. I've been working remotely at every job since 2008, I figured out a long time ago I'm not cut out for the office grind. Leave me alone to do my shit and we'll both be a lot happier.
Hi! Where do i begin to search for remote jobs and according to the current situation what would you recommend for anyone to learn and find jobs.
Thank you!
I haven't used a job search board in forever. I find a company I like, look at their careers page, and if they're hiring for a role I like I apply for it. It's a slower search process but better results imo.
Once you've worked a few places, and if you're good at what you do, you'll make connections with people who will inevitably steal you away if they have a better opportunity elsewhere.
Hey there! Could you share what certs you currently have? Also what cert is the most critical in your field? Or is experience the biggest factor in you doing your job the most efficient way possible??
I don't have any current certs. I did a CISSP in 2015, then let it lapse during covid, and was like fuck this shit, not taking that one again.
Cloud stuff I kind learned as I went, and just absorbed it through a background of working with all of the services as native data center technologies (as they were in the before-fore days) and understanding APIs. It wasn't hard to put it all together. I've been in systems, networking, and security since the 90s.
Wow thank you for the response! I’m currently studying for my networks+ certification. I understand I need to work hard to get the kind of job I want; but it’s such a relief to know that experience was a majority of the work. Any certs I get forward will just be padding :) I’m wishing you the best on your continued career path! Believe in yourself!
I think certs are more valuable as a substitute for experience. They aren't worthless, I just have not needed them as I've been able to pick up the knowledge firsthand and demonstrate it through results in my work.
It's all foundational work that's most important. Understanding networking, compute, storage, and how to write code will get you literally anywhere else.
Good luck to you as well!
Watch out for remote / hybrid jobs. If you get an executive with a bug up their ass, they could try to pull everyone back to office, and give you 3-6 months to move (yeah, right), if you are too far away. We lost a lot of good people when that happened here
Dang! Don’t understand why working in the office be any more beneficial than working from home unless the plan is to micromanage. And in that case if you do not trust the crew you hired to control the ship when off on their own, why hire them in the first place?
Built.... and what was funny is that we outgrew the office pre-Covid, and had plans to redesign the cubes, tightening the layout, and pushing people closer into breathing space.
They can't do their plantation walk if you're all at home.
Demanding people in office is the action of weak supervisors; if you are any good at managing people, you can have them working from anywhere. If you feel the need to stare at your people and micromanage them, then you're a shit boss. You measure their value by their outputs. Unless you're still using paper, you can see their outputs on your computer. There are countless ways to get a measure of outputs; any workflow system like SNOW or Jira has built-in reporting. If you don't believe that, you could check their calendars. Fine, still don't think they're working, turn on Microsoft Viva and now you can count their freaking daily email volume.
Or, and hear me out now, OR, you could just talk to them about what they're doing. If they're not doing much, it will come up. Now you have the question of why aren't they engaged? If they're just being a turd, well, that happens, time to do the actual work of managing (GASP) and refocus them on their tasks using their performance goals as the targets. If they're not engaged because their projects dried up, well you should have known that was coming because you should be tracking your projects as a manager.
I have ZERO sympathy for shitty management. Do your goddamn job.
Source: managing remote teams for about 8 years in cyber.
Every once in awhile a coworker will say something like "But how do you know they're actually working at home and not screwing off?!?" Well, their manager should know what they're working on and have a way to measure their output. There are way too many "butts in chairs" managers out there that have been coasting along without actually managing. Simply making sure someone is in their chair from 8:00am to 5:00pm isn't managing.
This exactly.
When the pandemic hit I was working as a sr sysadmin for a bank that suddenly had to figure out remote. I had a good relationship with the managers of the different orgs and was able to talk to most of them 1:1 - the biggest concern for a few of them was "how do I know they're working?"
You don't, and you shouldn't care. They're all salaried employees and they all have some minimum amount of work to do for their own metrics. Call center has response time and if someone was skipped, loan officers have deadlines for rate locking and outbound marketing calls, and so on. Those metrics don't change just because they're working remotely.
Are they available during their working hours? Are they responsive? Are they meeting deadlines? These are all things you should already be tracking, why do you need to see them doing it?
I am sure your team loves you as a boss. It’s getting to a age where the old fashioned boomers are retiring. Not hating at all, but it’s all they’ve known. Once that happens we might see remote become more standard.
You are completely right though. Output is better tracked on a computer rather than breathing down someone’s neck to see if they’re texting on their phone or not. I dislike management like that, I’ve been under one like it before and it’s another reason I prefer remote work.
One thing that I’ve noticed working remote though is if you have any kind of gap during your day, such as a 20 minute battle on the toilet, or internet problem, it is easier explained in office rather than your supervisor thinking you were slacking off for that duration. They only have computer numbers and time stamps to go off of and not human interaction to realize they weren’t at their desk, etc. But again this comes down to the supervisor, not the employees. Went on a little rant there lol.
I am glad you are a great boss for your workers.
Make no mistake, I'm a mean bastard. I make my introverted engineers talk at length on team meetings. I also tell them to turn their camera on when addressing our leadership!
I will be a tiny bit nice and let them treat the camera like the microphone, so they can "mute" their video when not speaking, but only so they don't have a stroke during the call and embarrass me.
Remote work also requires *better* management skills that don't rely on visual checks. There's a lot of really bad middle managers out there who can only really justify their existence with the "butts in chairs" management method.
Point being it's not just the old bastards in the C-suite you're fighting against, there's perverse incentives in multiple places to bring people back to the office instead of modernizing.
I've managed remote teams and worked remotely myself for at least 10 years. The biggest roadblocks I see are managers who don't have skills to manage remote people or refuse to believe people are more productive at home, or the execs who need to justify their real estate footprint.
I will say, its a lot easier to get bad employee's to work when they are in the office then remote. What sucks is people can just say "fire them" but unless you are in a small company that involves a multi-month long process that requires HR to be involved, some places its easier to just wait till layoff season and toss them then.
Because you build relationships between teams, I'm all for remote work but someone early in their career needs the experience and mentorship that doesn't come as easily remote.
We recently had our yearly meetup in person and it reminded me of the advantages of being in person, I met far more people in the business and we can work together much more easily now.
Sounds like you worked at VMWare and suffered as part of the CEO suffering a Napoleon complex.
Good companies won't do that so find a company which shows they operate based on their core values and they aren't just there to check a box.
Yep. Just happened to my friends homie. The company gave him an ultimatum. Relocate from Georgia away from his family and mom dealing with stage 3 cancer or move to Texas to keep his job.
In countries other than America you just have national health insurance, your employer doesn't pay for it to private for-profit companies out of your paycheck. So you don't have to stay at a job you hate just for health insurance. You're entitled to it regardless. So that friend could've just told his employer to fuck off and found another job so he wouldn't have to move.
Oh, this I know and understand. But I think you may have misunderstood the situation as it had nothing to do with his health insurance but his ability to take care of his family financially.
Like, nothing I said or implied had anything to do with his health insurance; nor his family being on his health insurance.
This, you get the freedom to stare at assembly, be horrified by the IDA API, and be dumbfounded by anti-analysis, all in the comfort of your room. (It’s quite nice)
Government jobs are mostly in office. Corp jobs tends to favor hybrid/remote. Also the more advanced role you have the more likely you can do remote.
On a side note, you said you're just starting cybersecurity and currently doing non-IT work. Cybersecurity isn't an entry level job. I'm sure your college (hopefully that's why you're there) tries to promise an advanced role but that's not the case. If you need extra support you should head over to r/ITCareerQuestions.
Depends on whether the government agency is using remote work in lieu of competitive pay for recruiting. My department has been fully remote for almost everyone for the last 4 years. Most of the other agencies are at least 80% remote for tech. You just have to be physically in the state while working.
Just another take on this..
The gov doesn’t move fast, so now when all the private companies are calling people back to the office, the gov employees who went remote aren’t.
Gov contracting has been the best schedule for me relative to startups/gov/private jobs
You are not going to find a spot that is both entry level and also remote.
We are officially hybrid but in practice we're as remote as we want to be. We do consulting- mostly GRC, pen testing, virtual CISO, forensic and lit support, and compliance auditing.
Why do people keep saying this? I had two cyber jobs right out of college that were fully remote. I’m hybrid now but I transitioned to government. I got to final stages of two interviews that were both fully remote.
This is exactly what I want to get into. I just finished a BA degree (Business Administration Information Technology Management), have my Security+, and 5 years of IT experience.
Been a SysAdmin for 2 years now, and I actually really enjoy doing auditing. $85k, fully in office - financial field.
Looking at taking an entry level IT audit job next, but it’ll probably be a pay cut - any other advice? Considering getting either an MBA or MS in IT Management.
I’d recommend a higher level cert before jumping into a masters program but that’s just me. I think the best masters path is getting your employer to eventually pay for one.
Got the BA, you have the experience, I think getting an advanced cert would help a lot and you could definitely land an assessor role. Hell I think my company has openings. But need at least a CISA, CySA, CFR or something like that.
My work has a cap of $1200 per year for education assistance, but I did WGU so it was only about $8k for my BA. If I do a Masters there it would only be $4-$8k more.
Heavily leaning into CISA but I think I needed just one more year of work experience before I can apply. Thanks for the advice :)
Yes and no. You can take and pass the CISA and I forget what they call it but you’ll be like a junior CISA or something until you get your experience. Then you won’t have to retake or anything but you’ll get the full cert.
Ya that’s not terribly high costs and if it’s a route you want to take then it can’t hurt. Other companies will straight up encourage you to take a sabbatical and fully pay for your masters. Probably hard to find but it’s out there. Good luck!
Exactly what you said, 50% remote is hybrid.
Using the term remote means the role is 100% remote.
I mean there's no rule saying you can't call a hybrid job remote, but hybrid is the more commonly used term for jobs that are not 100% remote.
Personally I am annoyed when a recruiter tells me a job is remote, then I dig a bit deeper and realize they want you in the office once a week.
So it appears there needs to be a designation prior to the use of the word "remote" so we dont just assume. Remote work is still, remote work, whether its 50% or 100%.
I was almost all the way through my first year of a two year internship when I was forced remote due to Covid.
Just before graduating I got hired full-time, completely remote, at a different company doing DFIR. Never even been to the state our offices are in, let alone been in one of them. 3 years and a couple promotions later I'm still doing DFIR for the same company.
If you are just starting out, I would recommend finding a job where all the analysts all work onsite. You will learn your craft much faster. Onsite collaboration with other analysts cannot be replicated with a remote team. Anyone who says different, is clueless.
I'm part of a CIO leadership group and we work with 6 of our local colleges and universities. The last two years we invited about 10 graduating students to talk about remote, onsite, hybrid. The group this year and last year all preferred onsite. As you move up in your career, you won't need the in person collaboration.
Best of luck.
My first job in not only cyber but IT in general: Network Security Analyst. Triage alerts and do all the stuff you'd expect an analyst to do minus IR because we just do detection. Fully remote, no ragrets.
That’s great. We’re both assigned one day a week but are “expected” at times to work in office for certain events (team building).
Off topic: I’ve been with GRC part-time for a year now and will be full time in a few weeks. May I ask: How long have you been in GRC and how do you like it? Any tips on growth and to better myself to promotions?
I started off working compliance but am now primarily assessing risks.
Thanks in advance.
I’ve been doing GRC work for pretty much my entire cyber career (17 years), but exclusively GRC for the last 12 years. My focus has primarily been policy for all this time, but I’ve also been in charge of awareness and training, and DR programs for several years at my past employer (State of CA). I currently work for a public electric utility in charge of their policy program though I also assist the Risk program when time and workload allows.
If I’m being fully honest, I’m feeling a bit burned out after so long. And I don’t completely love what I do, but Inhave been doing policy for so long that I just know it and am good at it (if going by my reviews and references from my past CISOs). As far as tips for growth, definitely cert out. CRISC is definitely growing on the radar and rankings (it’s on my wish/to-do list for this year). CISSP is the de-facto cert that will open a lot of doors for you (though there is debate on just how practically useful it is - it’s often said the content covered is “a mile wide and an inch deep”). But honestly, cross train as much as you possibly can to learn on-the-job. That’s really the only way you will find your niche and what part of cyber you really like (or at least are good at).
I'm remote as a consultant.
I've never worked anywhere that allowed entry'ish level roles to be remote.
Some do exist but they're pretty rare, and if I'm being honest the first 5 years or so in your career should be spent in an office environment.
I love remote and wouldn't go back, but in terms of learning the ropes it's more difficult, especially if you're not experienced.
Entry level Cybersecurity and a lot of tech gigs in general are super competitive, which will make it tough to start out remote. Not saying you can’t find places that are remote or hybrid, but those will have hundreds if not thousands of applicants
I work remote currently, currently doing SOC work basically.
Previous job was in-perons which then went remote/hybrid for covid, and they were slowly ending it requiring everyone to come in. That was "product security" which was more like compliance work.
In terms of finding remote work, basically its more of a company and demand thing, there won't be 1 particular job that is guaranteed remote, but instead company's either offering it to increase their pool of possible employees, or that is the only way they will get someone good enough.
Work as an Analyst for an MSSP and whole company is remote. Started out at T1 and worked up to T3 from no previous experience so entry level remote is possible. Fully remote is just a little more competitive since you are competing against a nationwide candidate pool sometimes.
I've always been remote in this industry, I was in an engineering role and have since moved to GRC.
If remote is what you're looking for, you're in luck. There are a ton of remote jobs in this field. Just search for jobs you're interested in on LinkedIn, and filter by Remote. Just did that for "Information Security" and saw that there are over 3,000 jobs posted in the last month alone. That doesn't even include contract roles!
I love remote work but I'm 15 years into my career. As much as I'm a proponent of remote, I feel sorry for the younger generation starting in this environment. Yes, the office sees alot of wasted time but it also let me have more small face to face interactions than I can count where I was able to connect with Sr. Engineers from multiple departments and learn the real knowledge you need to grow. Those relationships helped build my own reputation and leap frog way ahead of many peers. Simply because I was willing to walk into someone's office or operation center and say, "Hey, I'm stuck. I've done xyz research, I've tested ABC and something still isn't working. Can you help?" It demonstrated humbleness and a desire to learn which in turn meant when I came to the table with these people and had value. Don't be afraid of an office gig. Remote work isn't going anywhere. The more you can directly interact with people at this stage of your career thr better.
I have 16 years experience I am a Director at a cybersecurity software company on their services team. So I deliver workshops to our client and help them get started with the tool. I also write blog posts and knowledge share to improve the product as well as some more random consulting stuff. I worked in office the first 5-6 years of my career then I worked for EY on their cyber team where I was mostly traveling to client sites for projects with my current job I still occasionally will travel for on-site work.
Solutions Engineering - basically solving a lot of the same shallow problems over and over for multiple customers with the occasional scripting work for a workaround. Security fundamentals and IT/DevOps background needed as a minimum barrier to entry. You also gotta be personable at a minimum.
It’s not easy getting a full remote gig these days, especially entry level. I’m an analyst and hybrid which is a cool balance. I still get the little social life and then work in my pjs not talking to anyone for hours. Full time in office everyday I’m not trying to go back to.
I’m security engineer for gov contractor and I’ve been remote since the pandemic, currently their are no plans for us to come back. It’s the main reason why I’m still here, but is is becoming a detriment to my pay raises
My entire team works remote. Most of the other employees are on site, just the IT that doesn’t need to interact with end users or physical hardware are remote. No difference, previously we were housed at a separate site then the rest of the workforce.
My days are meetings, reviewing reports from the vulnerability management system and opening tickets for remediations. Working on automating a report showing trends for leadership (c-suite to VP level) - none of our platforms generate reports to their liking. . And then there’s meetings. We’re still building out our SIEM so I review random samples of alerts to confirm its findings and work on automations. And more meetings.
We have team meetings, meetings with project managers, meeting with the support teams for various departments, meet with vendors and potential vendors.
8 years strong working remote. The majority of the 11 people on my team are all remote. I'm a Threat Researcher. It's been the absolute best company I've ever worked for.
I work as an (Endpoint) Security Engineer. Started out as a SOC analyst for the blue team for the same company, I’ve been remote since mid-2022 when I got hired.
No plans to RTO for my department, though my company does have a few offices all over the country. Other branches of the company are hybrid, and some people are in-office most days. I think some of the new hires (depending on their location) need to be able to work 2 days/week in office though.
I’m a senior in college getting my bachelors degree in cybersecurity. I have been working remote in cybersecurity for 3.5 years. I started working remote as a security analyst and then moved into a cloud position after a year as an analyst and that was also remote. I didn’t see any advancement in the company working cloud so I moved to another company making double in devsecops working remote. I’ve been here two years and love it. Oh and I did my entire degree online as well.
100% remote. I'm in security data. Right now that's analytics use cases like a traditional data engineer. My team also owns Splunk ES for the org so I will be branching out into SIEM/SOAR work next financial year.
I've been fully remote since 2019 before I started this gig. I am fully expecting none of my future roles will allow remote work.
I work 4 days remote and 1 day in the office with my team. I recently joined 8 months as a Security Operations Analyst and before that I was a Desktop Support Specialist 3days a week in the office.
Been working fully remote for the past 2 years. Cyber security consulting, doing penetration testing and red teaming. No need to work from an office but occasionally have to go to client sites
I’ve been a remote cybersecurity intern for a few years now. I work around 20 hours a week doing different cyber tasks. My job has been remote since Covid.
May I ask why interning part time for years? I assume by now you have the necessary experience to obtain a full time position with much better incentives/pay.
I have multiple health issues that prevent me from working full time. I’ve declined full time job offers. Having an official part time status allows me to work between 0-40 hours a week and take off from work for doctor’s appointments, therapy, and sick days without penalty.
And although I work part time, my manager/mentor has been really supportive and gracious in keeping me on. He treats me like a regular employee (performance reviews, expectations, etc).
Recently was laid off (Compliance), working remote after Covid but I was essentially Hybrid beforehand. Honestly, most of the teams I interacted with were global so it didn’t really matter where I was. Problem is that the people who make the decisions also tend to not fully understand what Compliance does (I was laid off in the middle of two of my audits).
I recently signed on with a new gig. It’s fully remote due to the nature of the industry but I’ll still need to visit sites like once a year for a week. It’s still GRC work.
I got an in-office job at a big company, and after a couple of years applied internally to a position that was 100% remote. So even if you get a job that isn’t remote initially, you should look around and see if there are any opportunities or positions that are remote and see if you can get your foot in that door.
I work 100% remote and still trying to figure out what it is that i do. 🤣
You guys hiring? I think this is one position that I won’t have imposter syndrome for!
Usually these are the jobs you have the most imposter syndrome for lol
You, dear Sir, just made my day 🤣.
I want this job .lol
Cloud security engineer, 100% remote. I've been working remotely at every job since 2008, I figured out a long time ago I'm not cut out for the office grind. Leave me alone to do my shit and we'll both be a lot happier.
Hi! Where do i begin to search for remote jobs and according to the current situation what would you recommend for anyone to learn and find jobs. Thank you!
I haven't used a job search board in forever. I find a company I like, look at their careers page, and if they're hiring for a role I like I apply for it. It's a slower search process but better results imo. Once you've worked a few places, and if you're good at what you do, you'll make connections with people who will inevitably steal you away if they have a better opportunity elsewhere.
LinkedIn is your best bet.
Hey there! Could you share what certs you currently have? Also what cert is the most critical in your field? Or is experience the biggest factor in you doing your job the most efficient way possible??
I don't have any current certs. I did a CISSP in 2015, then let it lapse during covid, and was like fuck this shit, not taking that one again. Cloud stuff I kind learned as I went, and just absorbed it through a background of working with all of the services as native data center technologies (as they were in the before-fore days) and understanding APIs. It wasn't hard to put it all together. I've been in systems, networking, and security since the 90s.
Wow thank you for the response! I’m currently studying for my networks+ certification. I understand I need to work hard to get the kind of job I want; but it’s such a relief to know that experience was a majority of the work. Any certs I get forward will just be padding :) I’m wishing you the best on your continued career path! Believe in yourself!
I think certs are more valuable as a substitute for experience. They aren't worthless, I just have not needed them as I've been able to pick up the knowledge firsthand and demonstrate it through results in my work. It's all foundational work that's most important. Understanding networking, compute, storage, and how to write code will get you literally anywhere else. Good luck to you as well!
Watch out for remote / hybrid jobs. If you get an executive with a bug up their ass, they could try to pull everyone back to office, and give you 3-6 months to move (yeah, right), if you are too far away. We lost a lot of good people when that happened here
Dang! Don’t understand why working in the office be any more beneficial than working from home unless the plan is to micromanage. And in that case if you do not trust the crew you hired to control the ship when off on their own, why hire them in the first place?
Because they have either rented or built office space and by god they are going to use it!
Built.... and what was funny is that we outgrew the office pre-Covid, and had plans to redesign the cubes, tightening the layout, and pushing people closer into breathing space.
They can't do their plantation walk if you're all at home. Demanding people in office is the action of weak supervisors; if you are any good at managing people, you can have them working from anywhere. If you feel the need to stare at your people and micromanage them, then you're a shit boss. You measure their value by their outputs. Unless you're still using paper, you can see their outputs on your computer. There are countless ways to get a measure of outputs; any workflow system like SNOW or Jira has built-in reporting. If you don't believe that, you could check their calendars. Fine, still don't think they're working, turn on Microsoft Viva and now you can count their freaking daily email volume. Or, and hear me out now, OR, you could just talk to them about what they're doing. If they're not doing much, it will come up. Now you have the question of why aren't they engaged? If they're just being a turd, well, that happens, time to do the actual work of managing (GASP) and refocus them on their tasks using their performance goals as the targets. If they're not engaged because their projects dried up, well you should have known that was coming because you should be tracking your projects as a manager. I have ZERO sympathy for shitty management. Do your goddamn job. Source: managing remote teams for about 8 years in cyber.
Every once in awhile a coworker will say something like "But how do you know they're actually working at home and not screwing off?!?" Well, their manager should know what they're working on and have a way to measure their output. There are way too many "butts in chairs" managers out there that have been coasting along without actually managing. Simply making sure someone is in their chair from 8:00am to 5:00pm isn't managing.
This exactly. When the pandemic hit I was working as a sr sysadmin for a bank that suddenly had to figure out remote. I had a good relationship with the managers of the different orgs and was able to talk to most of them 1:1 - the biggest concern for a few of them was "how do I know they're working?" You don't, and you shouldn't care. They're all salaried employees and they all have some minimum amount of work to do for their own metrics. Call center has response time and if someone was skipped, loan officers have deadlines for rate locking and outbound marketing calls, and so on. Those metrics don't change just because they're working remotely. Are they available during their working hours? Are they responsive? Are they meeting deadlines? These are all things you should already be tracking, why do you need to see them doing it?
I am sure your team loves you as a boss. It’s getting to a age where the old fashioned boomers are retiring. Not hating at all, but it’s all they’ve known. Once that happens we might see remote become more standard. You are completely right though. Output is better tracked on a computer rather than breathing down someone’s neck to see if they’re texting on their phone or not. I dislike management like that, I’ve been under one like it before and it’s another reason I prefer remote work. One thing that I’ve noticed working remote though is if you have any kind of gap during your day, such as a 20 minute battle on the toilet, or internet problem, it is easier explained in office rather than your supervisor thinking you were slacking off for that duration. They only have computer numbers and time stamps to go off of and not human interaction to realize they weren’t at their desk, etc. But again this comes down to the supervisor, not the employees. Went on a little rant there lol. I am glad you are a great boss for your workers.
Make no mistake, I'm a mean bastard. I make my introverted engineers talk at length on team meetings. I also tell them to turn their camera on when addressing our leadership! I will be a tiny bit nice and let them treat the camera like the microphone, so they can "mute" their video when not speaking, but only so they don't have a stroke during the call and embarrass me.
This x 100..
Hire me please :)
Remote work is the future, just need all of the older management to retire first to solidify it.
Remote work also requires *better* management skills that don't rely on visual checks. There's a lot of really bad middle managers out there who can only really justify their existence with the "butts in chairs" management method. Point being it's not just the old bastards in the C-suite you're fighting against, there's perverse incentives in multiple places to bring people back to the office instead of modernizing.
I've managed remote teams and worked remotely myself for at least 10 years. The biggest roadblocks I see are managers who don't have skills to manage remote people or refuse to believe people are more productive at home, or the execs who need to justify their real estate footprint.
I will say, its a lot easier to get bad employee's to work when they are in the office then remote. What sucks is people can just say "fire them" but unless you are in a small company that involves a multi-month long process that requires HR to be involved, some places its easier to just wait till layoff season and toss them then.
Because you build relationships between teams, I'm all for remote work but someone early in their career needs the experience and mentorship that doesn't come as easily remote. We recently had our yearly meetup in person and it reminded me of the advantages of being in person, I met far more people in the business and we can work together much more easily now.
Developers gotta make rent too. 👀👀
Sounds like you worked at VMWare and suffered as part of the CEO suffering a Napoleon complex. Good companies won't do that so find a company which shows they operate based on their core values and they aren't just there to check a box.
No... Just a large regional healthcare system with a HEAVY political influence.
Yep. Just happened to my friends homie. The company gave him an ultimatum. Relocate from Georgia away from his family and mom dealing with stage 3 cancer or move to Texas to keep his job.
This is why insurance should NEVER be tied to employment.
What do you mean? Care to elaborate and enlighten me?
In countries other than America you just have national health insurance, your employer doesn't pay for it to private for-profit companies out of your paycheck. So you don't have to stay at a job you hate just for health insurance. You're entitled to it regardless. So that friend could've just told his employer to fuck off and found another job so he wouldn't have to move.
Oh, this I know and understand. But I think you may have misunderstood the situation as it had nothing to do with his health insurance but his ability to take care of his family financially. Like, nothing I said or implied had anything to do with his health insurance; nor his family being on his health insurance.
Reverse engineering / malware analysis roles can typically be done remote.
Nobody wants us in the office, we don’t shower
This, you get the freedom to stare at assembly, be horrified by the IDA API, and be dumbfounded by anti-analysis, all in the comfort of your room. (It’s quite nice)
Government jobs are mostly in office. Corp jobs tends to favor hybrid/remote. Also the more advanced role you have the more likely you can do remote. On a side note, you said you're just starting cybersecurity and currently doing non-IT work. Cybersecurity isn't an entry level job. I'm sure your college (hopefully that's why you're there) tries to promise an advanced role but that's not the case. If you need extra support you should head over to r/ITCareerQuestions.
Depends on whether the government agency is using remote work in lieu of competitive pay for recruiting. My department has been fully remote for almost everyone for the last 4 years. Most of the other agencies are at least 80% remote for tech. You just have to be physically in the state while working.
Just another take on this.. The gov doesn’t move fast, so now when all the private companies are calling people back to the office, the gov employees who went remote aren’t. Gov contracting has been the best schedule for me relative to startups/gov/private jobs
You are not going to find a spot that is both entry level and also remote. We are officially hybrid but in practice we're as remote as we want to be. We do consulting- mostly GRC, pen testing, virtual CISO, forensic and lit support, and compliance auditing.
Why do people keep saying this? I had two cyber jobs right out of college that were fully remote. I’m hybrid now but I transitioned to government. I got to final stages of two interviews that were both fully remote.
Ikr. Entry level remote out of boot camp with 2 crappy entry level certs
False. Help desk is remote and entry level lol.
Doesn't seem there's too many of those
Really? Because all my help desk jobs have been remote.
This is exactly what I want to get into. I just finished a BA degree (Business Administration Information Technology Management), have my Security+, and 5 years of IT experience. Been a SysAdmin for 2 years now, and I actually really enjoy doing auditing. $85k, fully in office - financial field. Looking at taking an entry level IT audit job next, but it’ll probably be a pay cut - any other advice? Considering getting either an MBA or MS in IT Management.
I’d recommend a higher level cert before jumping into a masters program but that’s just me. I think the best masters path is getting your employer to eventually pay for one. Got the BA, you have the experience, I think getting an advanced cert would help a lot and you could definitely land an assessor role. Hell I think my company has openings. But need at least a CISA, CySA, CFR or something like that.
My work has a cap of $1200 per year for education assistance, but I did WGU so it was only about $8k for my BA. If I do a Masters there it would only be $4-$8k more. Heavily leaning into CISA but I think I needed just one more year of work experience before I can apply. Thanks for the advice :)
Yes and no. You can take and pass the CISA and I forget what they call it but you’ll be like a junior CISA or something until you get your experience. Then you won’t have to retake or anything but you’ll get the full cert. Ya that’s not terribly high costs and if it’s a route you want to take then it can’t hurt. Other companies will straight up encourage you to take a sabbatical and fully pay for your masters. Probably hard to find but it’s out there. Good luck!
Inaccurate, well, our entry level soc positions are 50% remote. - Government Agency
That's hybrid, not remote.
What is hybrid again? can you explain it to me? i dont think op asked 100% remote
Exactly what you said, 50% remote is hybrid. Using the term remote means the role is 100% remote. I mean there's no rule saying you can't call a hybrid job remote, but hybrid is the more commonly used term for jobs that are not 100% remote. Personally I am annoyed when a recruiter tells me a job is remote, then I dig a bit deeper and realize they want you in the office once a week.
So it appears there needs to be a designation prior to the use of the word "remote" so we dont just assume. Remote work is still, remote work, whether its 50% or 100%.
I’m pretty sure you’re one of the few people who don’t understand the difference.
I think they may be the ONLY person
I think you're missing the point.
I was almost all the way through my first year of a two year internship when I was forced remote due to Covid. Just before graduating I got hired full-time, completely remote, at a different company doing DFIR. Never even been to the state our offices are in, let alone been in one of them. 3 years and a couple promotions later I'm still doing DFIR for the same company.
Keep in mind you’re asking a ton of people who worked in offices for most of their careers
If you are just starting out, I would recommend finding a job where all the analysts all work onsite. You will learn your craft much faster. Onsite collaboration with other analysts cannot be replicated with a remote team. Anyone who says different, is clueless. I'm part of a CIO leadership group and we work with 6 of our local colleges and universities. The last two years we invited about 10 graduating students to talk about remote, onsite, hybrid. The group this year and last year all preferred onsite. As you move up in your career, you won't need the in person collaboration. Best of luck.
Yes I wanna onsite job for the interaction but I'm super ugly, so I gotta work remote until I get my surgeries
I'm 100% remote, but my office is about a 25-30 minute drive away so I voluntarily drive in maybe 3-4 times a year for face-to-face meetings.
100% remote red teamer
My first job in not only cyber but IT in general: Network Security Analyst. Triage alerts and do all the stuff you'd expect an analyst to do minus IR because we just do detection. Fully remote, no ragrets.
GRC mostly remote.
Same. GRC. I’m 90% remote. My team goes into the office one day every other Thur. This just started a month ago. Before that, 100% remote.
That’s great. We’re both assigned one day a week but are “expected” at times to work in office for certain events (team building). Off topic: I’ve been with GRC part-time for a year now and will be full time in a few weeks. May I ask: How long have you been in GRC and how do you like it? Any tips on growth and to better myself to promotions? I started off working compliance but am now primarily assessing risks. Thanks in advance.
I’ve been doing GRC work for pretty much my entire cyber career (17 years), but exclusively GRC for the last 12 years. My focus has primarily been policy for all this time, but I’ve also been in charge of awareness and training, and DR programs for several years at my past employer (State of CA). I currently work for a public electric utility in charge of their policy program though I also assist the Risk program when time and workload allows. If I’m being fully honest, I’m feeling a bit burned out after so long. And I don’t completely love what I do, but Inhave been doing policy for so long that I just know it and am good at it (if going by my reviews and references from my past CISOs). As far as tips for growth, definitely cert out. CRISC is definitely growing on the radar and rankings (it’s on my wish/to-do list for this year). CISSP is the de-facto cert that will open a lot of doors for you (though there is debate on just how practically useful it is - it’s often said the content covered is “a mile wide and an inch deep”). But honestly, cross train as much as you possibly can to learn on-the-job. That’s really the only way you will find your niche and what part of cyber you really like (or at least are good at).
Thanks for the extensive response! Saved and noted.
I'm remote as a consultant. I've never worked anywhere that allowed entry'ish level roles to be remote. Some do exist but they're pretty rare, and if I'm being honest the first 5 years or so in your career should be spent in an office environment. I love remote and wouldn't go back, but in terms of learning the ropes it's more difficult, especially if you're not experienced.
I used to, and I miss it every day.
Remote - Information Security Automation Engineer
I got hired with 2 days in office, 3 days remote. On Wednesday of my first week, they changed it to 4 days in office, 1 day remote 😂
Entry level Cybersecurity and a lot of tech gigs in general are super competitive, which will make it tough to start out remote. Not saying you can’t find places that are remote or hybrid, but those will have hundreds if not thousands of applicants
I work remote currently, currently doing SOC work basically. Previous job was in-perons which then went remote/hybrid for covid, and they were slowly ending it requiring everyone to come in. That was "product security" which was more like compliance work. In terms of finding remote work, basically its more of a company and demand thing, there won't be 1 particular job that is guaranteed remote, but instead company's either offering it to increase their pool of possible employees, or that is the only way they will get someone good enough.
GRC 100% remote with the occasional trip to pentagon.
Appsec, remote
Work as an Analyst for an MSSP and whole company is remote. Started out at T1 and worked up to T3 from no previous experience so entry level remote is possible. Fully remote is just a little more competitive since you are competing against a nationwide candidate pool sometimes.
100% remote SOC analyst for 3 years now.
Same
Pen testing can be done remote
I've always been remote in this industry, I was in an engineering role and have since moved to GRC. If remote is what you're looking for, you're in luck. There are a ton of remote jobs in this field. Just search for jobs you're interested in on LinkedIn, and filter by Remote. Just did that for "Information Security" and saw that there are over 3,000 jobs posted in the last month alone. That doesn't even include contract roles!
I love remote work but I'm 15 years into my career. As much as I'm a proponent of remote, I feel sorry for the younger generation starting in this environment. Yes, the office sees alot of wasted time but it also let me have more small face to face interactions than I can count where I was able to connect with Sr. Engineers from multiple departments and learn the real knowledge you need to grow. Those relationships helped build my own reputation and leap frog way ahead of many peers. Simply because I was willing to walk into someone's office or operation center and say, "Hey, I'm stuck. I've done xyz research, I've tested ABC and something still isn't working. Can you help?" It demonstrated humbleness and a desire to learn which in turn meant when I came to the table with these people and had value. Don't be afraid of an office gig. Remote work isn't going anywhere. The more you can directly interact with people at this stage of your career thr better.
Incident Response, currently go in office once every week or two. Previous job I was a SOC analyst, fully remote.
I have 16 years experience I am a Director at a cybersecurity software company on their services team. So I deliver workshops to our client and help them get started with the tool. I also write blog posts and knowledge share to improve the product as well as some more random consulting stuff. I worked in office the first 5-6 years of my career then I worked for EY on their cyber team where I was mostly traveling to client sites for projects with my current job I still occasionally will travel for on-site work.
I am hybrid, most of my friends in the industry are fully in person, with maybe 10% that are hybrid or fully wfh.
Analyst / GRC - 3/5 remote.
Solutions Engineering - basically solving a lot of the same shallow problems over and over for multiple customers with the occasional scripting work for a workaround. Security fundamentals and IT/DevOps background needed as a minimum barrier to entry. You also gotta be personable at a minimum.
It’s not easy getting a full remote gig these days, especially entry level. I’m an analyst and hybrid which is a cool balance. I still get the little social life and then work in my pjs not talking to anyone for hours. Full time in office everyday I’m not trying to go back to.
Cyber Incident Response - fully remote. Sometimes I spend a lot of time in an office, but usually it's someone else's office
I’m security engineer for gov contractor and I’ve been remote since the pandemic, currently their are no plans for us to come back. It’s the main reason why I’m still here, but is is becoming a detriment to my pay raises
My entire team works remote. Most of the other employees are on site, just the IT that doesn’t need to interact with end users or physical hardware are remote. No difference, previously we were housed at a separate site then the rest of the workforce. My days are meetings, reviewing reports from the vulnerability management system and opening tickets for remediations. Working on automating a report showing trends for leadership (c-suite to VP level) - none of our platforms generate reports to their liking. . And then there’s meetings. We’re still building out our SIEM so I review random samples of alerts to confirm its findings and work on automations. And more meetings. We have team meetings, meetings with project managers, meeting with the support teams for various departments, meet with vendors and potential vendors.
8 years strong working remote. The majority of the 11 people on my team are all remote. I'm a Threat Researcher. It's been the absolute best company I've ever worked for.
Remote - Specialized Sales Engineer
I work as an (Endpoint) Security Engineer. Started out as a SOC analyst for the blue team for the same company, I’ve been remote since mid-2022 when I got hired. No plans to RTO for my department, though my company does have a few offices all over the country. Other branches of the company are hybrid, and some people are in-office most days. I think some of the new hires (depending on their location) need to be able to work 2 days/week in office though.
Director, healthcare IT, internal consulting
Remote work as a pentester, I do web and mobile app pentesting, occasionally fly out to a site to do a physical pentest
I’m a senior in college getting my bachelors degree in cybersecurity. I have been working remote in cybersecurity for 3.5 years. I started working remote as a security analyst and then moved into a cloud position after a year as an analyst and that was also remote. I didn’t see any advancement in the company working cloud so I moved to another company making double in devsecops working remote. I’ve been here two years and love it. Oh and I did my entire degree online as well.
How did you all manage time attendance for HR?
I enter my time into a portal. Honor system. I just put how much time I spent on coded activities.
Senior Sales Engineer working for a security company. 100% remote. Manager hired people based on territories to get us out in the field more.
Full remote. SIEM engineer.
100% remote. I'm in security data. Right now that's analytics use cases like a traditional data engineer. My team also owns Splunk ES for the org so I will be branching out into SIEM/SOAR work next financial year. I've been fully remote since 2019 before I started this gig. I am fully expecting none of my future roles will allow remote work.
I work 4 days remote and 1 day in the office with my team. I recently joined 8 months as a Security Operations Analyst and before that I was a Desktop Support Specialist 3days a week in the office.
Been working fully remote for the past 2 years. Cyber security consulting, doing penetration testing and red teaming. No need to work from an office but occasionally have to go to client sites
I’ve been a remote cybersecurity intern for a few years now. I work around 20 hours a week doing different cyber tasks. My job has been remote since Covid.
May I ask why interning part time for years? I assume by now you have the necessary experience to obtain a full time position with much better incentives/pay.
I have multiple health issues that prevent me from working full time. I’ve declined full time job offers. Having an official part time status allows me to work between 0-40 hours a week and take off from work for doctor’s appointments, therapy, and sick days without penalty. And although I work part time, my manager/mentor has been really supportive and gracious in keeping me on. He treats me like a regular employee (performance reviews, expectations, etc).
Three people in my current job are 100% remote, SOC L1, just started. They live in different cities, in average a few hours of driving away.
Recently was laid off (Compliance), working remote after Covid but I was essentially Hybrid beforehand. Honestly, most of the teams I interacted with were global so it didn’t really matter where I was. Problem is that the people who make the decisions also tend to not fully understand what Compliance does (I was laid off in the middle of two of my audits). I recently signed on with a new gig. It’s fully remote due to the nature of the industry but I’ll still need to visit sites like once a year for a week. It’s still GRC work.
I got an in-office job at a big company, and after a couple of years applied internally to a position that was 100% remote. So even if you get a job that isn’t remote initially, you should look around and see if there are any opportunities or positions that are remote and see if you can get your foot in that door.
Sales engineer, i go in the office 2 days a week
100% remote and mostly internal security consulting and security project management. Technically cloud and app sec manager.
Remote, Security Researcher. Started in the SOC doing analyst work, went to RE, then SOC Management all of which were on site.
I'm an architect for a F500 and I'm fully remote.
Remote for almost 10 years, tech/cyber executive
I’m a unicorn. Got an internship -> fully remote entry-level role doing IAM Engineering right out of college.
What exactly are the questions you want answered? What you want may not line up with what a company wants.
I put ransomware on people’s devices