A career in cybersecurity - is it a good choice ? Discuss

Answer me you fagets

If you're actually smart and have good social skills, then yes, infosec is a great career that you can make absolute bank off of.

Thanks man! There's an interesting IT cybersecurity conversion Master's at a very good uni in my city, and I have been thinking a lot about it. May I ask why social skills in particular?

Specifically for social engineering. A lot of entry points in cyber security come from the human element, so being able to interact, guide and manipulate people is key.

Don't listen to 95% of the time you need good social skills because a huge portion of working in infosec is communicating with clients and the end users. Whether that be project specifications, gathering information, or ATE, you need to be able to talk to people without spilling your spaghetti.

The only time you would ever need good social skills for social engineering is when doing a pentest, and even then, most pentest social engineering is done through emails.

>need good social skills to interact with people
No shit, you just described a basic requirement to 90% of the jobs out there and it doesn't even relate specifically to cyber security.
Disregard the social engineering aspect? If you think all social engineering is done through email, you're sorely mistaken and in some organisations this thought path would even consider you a liability.

>it doesn't even relate specifically to cyber security
You have to communicate with the end user more in infosec than any other field of information technology or computer science.

> If you think all social engineering is done through email
Except I didn't say that, you fuck. I said MOST. Do you really think that the majority of breaches happen because some sleazeball walks into the company headquarters and smooth talks the secretary? Obviously no. The majority of the time it's through email or other forms of digital communication.

Does cybersec even offer a good environment to work in?

From the outside it seems like there are 2 kinds of cybersec pros
1. Turbonerd permavirgin cyberpunk larpers who attend defcon and take hormone replacements
2. Corporate infosec wagecucks who wear uncomfortable shirts and work 16 hours a day under fluorescent lights

Yea, most turbonerds who attend the cons are complete larpers, but there are usually a few who are actually insanely smart. The smaller conferences like Bsides usually have fewer larpers and more professionals.

The best job environments are when you work for a security company that contracts out to other companies. Generally, this keeps your work new and interesting. Expect to travel if you're the guy that shows up on site to your clients to gather information or do pentests.

If you work as an in-house infosec specialist, yea you're gonna be fucked sitting under fluorescent lights all day.

that's a comfy operator

people think that being a pen tester is going to be fun. The reality is that you will run the same 5-6 tools over and over and then write reports for a living. It has its moments but is much more routine than anything else.

So like any job then

it is fun because you get to be creative. sure, there are repetitive tasks, but no two environments are the same so that keeps it interesting

For the most part you don’t get to be creative though. Most pen test work is just watching tools run followed by writing / generation of a report. The number of times you will get to do something interesting is surprisingly low.

This. I work as a pentester for a living, it's all automated when it comes to the "ethical hax0ring" part.

It's just paperwork that is supposed to show how you didn't waste your client's money by doing nothing when testing their security.

Kinda regret leaving my first gig as a sysadmin, even if the salary is nicer.

>All these "pentesters" claiming the job consists of running a few tools

Here's a tip, you guys are at the bottom of the chain, the tiers are as follows by my experience:
>0: Script kiddie pen-testers who consistently miss important vectors because they lack the skill to understand they need to run tons of custom solutions at each site to prevent anything above other script-kiddies
>1: Proper pen-testers that spend 2-3 months on site, protects against actual intelligent hostile agents.
>2: Physical pen-testers doing social / infosec stuff in secrecy from most of the company.
>3: "Dual" (Unsure how to translate it) pen-testers that work in teams to do both tier 1/2 work in parallel, acting as actual hostile agents for the same 2-3 months.

Most people on this board are 0-tier and probably only do small-company security without any attention to social / physical vectors, literal bottomfeeders.
BUT that is where you start, but if you are in a good cyb-sec company you will after a year or two be promoted if you know your shit.

oh look, a MSS mossad CIA GRU larper faggot has joined us. watch as he overexaggerates blue/red team operations, which also consist of running a few tools and sending phishing emails while your dumb coworkers try to defend with the client's shit.

yeah, but you gonna need good programming skills

Yeah I'm a total l33t haxxor 24/7 subletting to the FBI lel.

I'm not at all used to blue/red team operations, the whole point of pen-testing is to find the holes and plug them, 0 reasons in a serious setting to keep part of the team out of the loop. We usually use cycles wherein team A does pen-testing and implements fixes, then team B does the same and then we usually recommend them to also take in another cybsec company in case we missed anything.

And I'm just telling you how it works when you work with big-money firms, sorry if that triggered you for some reason.

Sounds comfy and easy, mundane automated tasks.

Try being in the research field instead.
Way more paperwork, less monies and I get fucked by the government every single day due to funding cuts.
I'm fucking leaving this shit and joining my country's equivalent of the "FBI" so I can do paperwork instead and just open dead niggers then write in a paper that the reason his heart stopped was because there was a hole the size of a fist from a rifle projectile.

>Hahah no you are larping we only run outdated automatic tools that's how it works for big companies
>No we don't educate the company why would we hehe cyber-security has cyber in it so it's only the digital part right?
>No we don't check the physical vectors either I mean it's not like serious threat agents would consider sabotage in bigger companies or just walking in and hauling out a server.

Oh boy. I think I know who's larping.

+1 for this. All the shitters running automated tools and clicking a button to generate a report are the scum of the industry and will be the ones to give cyber sec a bad name.
Everything is insecure, and you just need to hope it's the good guys who find out about it first.

Stop spouting bullshit and stop being a samefag. That's literally what mentioned. You just run tools and patch up whatever's leaking in the pipe.

Physical security is never handled by a cyber risk firm, stop working for some used cars salesmen. I work for IBM Security (IBM's infosec branch), physical security is handled elsewhere.

You're genuinely retarded if you think pentesters are supposed to find zero days and shit in a system they are testing. Pentesters are not security researchers.

Pentesting is the fucking IT tech support of the information security sector. Want the real redpill? Get a PhD and work in cryptography; stop roleplaying, Neo.

>Physical security is never handled by a cyber risk firm
oh gee whiz user really? you mean the larpers aren't blackwater mercenaries too that are ready to shoot any mong trying to come in and steal a hard drive?! what? you are using tools instead of bit banging? wooooooooowww

that picture looks comfy af

>that picture looks comfy af
True the guy on the right is wearing his tactical stuffed pajamas.

>STOP LARPING BUT I'M AN ACTUAL BIGSHOT WORKING ON THE BOTTOM FLOOR I SWEAR REEEEEEEEEEEEE
>TWO PEOPLE DISAGREEING WITH MY 1337 OPINION????? MUST BE LE EPIG SAMEFAG MEME LOL

Even if that was true, you are working for a big corporation "mass-producing" pen-testing that is usually bought by, you guessed it, small firms.
If you look at companies within big-oil, banking, metal/production industry you usually hire the same firm for physical and digital security because as you would know if you weren't larping / an actual bottom-feeder, physical and digital security go hand in hand and affect each other, hiring two different firms for these is therefore really really stupid.
Now what you might not realise is that actual good security firms might buy reports from IBM and then utilize them in their work, but no big company just picks 5-6 different companies to work independently trust me.

just shit out exploits and sell them for dank cash

If you have to ask, you're better off getting into trucking or carpentry. Since you had to ask, you only qualify for very basic tech support jobs. Customers will abuse you, managers will abuse you, you will want to kill yourself. Please consider a different field.

I'd join the industry through a Master's conversion course. Would this still be the case?

InfoSec is hot and it's increasing in impact. With all the WannaCry and (Not)Petya attacks this year alone, businesses are finally pumping good coin into the industry. Businesses are increasingly hiring InfoSec professionals to keep their crown jewels safe. There's a war for talent when it comes to deep technical, but also managerial and strategic experts.

Personally, I think it's a very good time to get into InfoSec. But you have to stay on top of your game and keep developing your skill set. You need to have a clear plan on where you wanna specialise in, because InfoSec alone is very diverse and you can't be an effective jack of all trades, master of none for long.