Why do so many people seem to want to go into security work?
Comments
-
JoJoCal19 Mod Posts: 2,835 ModI didn't choose security, security chose me
But seriously I was doing security work before it was the cool thing, and before I really knew what security was. At my first IT job in 2005 I was a JOAT and that included IAM, firewall, etc. After that job I was working second level desktop support at a global finance firm and after a year and a half, I was approached by management that the Global Security Administration team had an opening and they were close with the manager and that I should apply. So I did and got the position. Them doing that was more because I was bored and was more capable than what I was doing in second level desktop support. After getting an actual security position I became more aware about security, obtained my Sec+, and decided that I would stay within security and make a career out of it. Since then I've obtained my CISSP, GSEC, GCIA, CEH and CHFI and have made 3 job moves and doubled my income into the six figures. Money is a huge plus, and it's a field that will not be going away or dwindling in importance.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
Priston Member Posts: 999 ■■■■□□□□□□Doesn't anyone watch TV? Security professionals can be super heroes! I've always wanted to be a super hero.A.A.S. in Networking Technologies
A+, Network+, CCNA -
TechGromit Member Posts: 2,156 ■■■■■■■■■□Iristheangel wrote: »
Humans, Bah! who needs them. I wonder if Skylabs was a security program, get rid of all the humans, all the cyber security problems solved.Still searching for the corner in a round room. -
OctalDump Member Posts: 1,722Number one reason: It's sexy. Staring at screens of green text and saying things like "We're in!" (although some of us say that when we enter our PIN to use an ATM)
I think also it pays well - which is nice - and it's sort of senior in a way: you get to tell other people how they should do their job, but largely you aren't actually accountable for how they do their job.
It also pulls together a lot of IT skills, so if you like the bigger picture and how infrastructures work, it can be interesting.
It also offers a path out of the grind of keeping up with technologies: you don't have to know all the nuances of the latest MS operating system, or know all about minutiae of networking protocols. You can get yourself a nice management job, write policy and delegate, and not have to worry that they've changed the commands to configure OSPF on the 1941 IOS 15.4.2017 Goals - Something Cisco, Something Linux, Agile PM -
cyberguypr Mod Posts: 6,928 ModSexy? Heck yeah! Want proof? Check out the latest footage of me doing my InfoSec magic:
https://i.imgur.com/c73ZSAs.gifv
http://i.imgur.com/zALURXu.gifv -
NOC-Ninja Member Posts: 1,403Hey OP why work anyway? It's stressful
More money > more responsibilities > stress level = HIGH -
Winzer Member Posts: 32 ■■□□□□□□□□I think a lot of people are going for Sec jobs because they cannot be outsourced, unlike just about every other IT jobs.
-
Danielm7 Member Posts: 2,310 ■■■■■■■■□□I think a lot of people are going for Sec jobs because they cannot be outsourced, unlike just about every other IT jobs.
Sure they can, in some industries you don't want to, but lots of companies use MSSPs for their security work. -
Iristheangel Mod Posts: 4,133 ModYou're 100% spot on, Danielm7. Somewhat onpoint: If I recall correctly, I believe that "Evil Corp" in Mr Robot even outsourced their security to Elliott's firm (Allsafe).
-
[Deleted User] Senior Member Posts: 0 ■■□□□□□□□□OP, as anyone here will tell you, security is in tiers. From physical layer to application layer of OSI, if one layer is not accounted for, the whole thing doesn't matter. As everyone here is saying, there is no such thing as 100% secure. However, it can be prevented with end user training for things like social engineering to phishing and certain IT departments have different tiers of security. Not all security areas are hacking/cyber security. For example, I work in Access Controls Identity and access management. Yes it is security, but not the penetration tester side of security. Ex: If you manage Active Directory groups and delete expired AD accounts or unused AD accounts, this can prevent someone from gaining access to the account and not have someone escalate their privileges that a penetration tester may be able to pick up on through a pen test. Hopefully that makes sense but all the different IT security divisions work together directly/indirectly to mitigate risk. Also, companies also have to accept risk as well. If you want to learn more about security and what you are looking at, consider picking up a book on Risk management/assessment as most of you question will probably be answered there. Hope this helps.