Why are so many people attracted to the security field?

doctorlexus

I think I see more interest in IT security than anything else. But it seems like this is the section of IT with the greatest level of responsibility, and greatest chance to get your butt handed to you. You're basically saying, "Yes, I'd like to be responsible to protect against anything anyone can think of, and take the blame when it turns out I can't do it." Seems like a terrible idea in theory.

tpatt100

I think people are seeing "job reports" that are often sponsored by for profit schools or training camps showing a shortage of security people with experience.

networker050184

It goes in cycles. Whatever is "hot" at the time you'll see a bunch of people looking to hop on board to try and find better career opportunities.

techfiend

The shortage is real. I see many here that get into security early on and not like it. While many that move into security later on in their career tend to enjoy it.

I remember a post on here saying you should master systems, networks, databases or programming before moving into security. Also a career in security has a lot to do with mindset.

Pmorgan2

tpatt100 wrote: »

I think people are seeing "job reports" that are often sponsored by for profit schools or training camps showing a shortage of security people with experience.

This seems to be a big driver. Plus, the certification agencies themselves release data about IT security folks earning more money.

As for the culture, I think the media glamorizes IT security with all the talks of cyber attacks, pretty Matrix-style screens of random coding being typed at 400 wpm, and all the talks of hacking affecting politics. It feels like an exotic skill with a secure future. Maybe that sentiment is true, but the reality is not as exciting as the movies.

TheFORCE

doctorlexus wrote: »

I think I see more interest in IT security than anything else. But it seems like this is the section of IT with the greatest level of responsibility, and greatest chance to get your butt handed to you. You're basically saying, "Yes, I'd like to be responsible to protect against anything anyone can think of, and take the blame when it turns out I can't do it." Seems like a terrible idea in theory.

IT security is not a 1 man team, its a team build from different people with different skills that complement each other.

Priston

http://www.techexams.net/forums/jobs-degrees/118762-why-do-so-many-people-seem-want-go-into-security-work.html

the_Grinch

The responsibility is heavy, but at the same time you need to make an egregious error to be canned. First and foremost, as someone else pointed out, it is a team endeavor. Second, it is extremely rewarding work. Once you prove yourself in security you will find that you get a large amount of responsibility relative to what your title is. I know on a regular basis I brief high level officials on various security items and incidents as they occur. Part of that means evangelizing what we do and showing that not only was compliance meant, but that a team went above what was required.

Most executives know at this point you can't stop an attack or breach from occurring. The goal is to limit the effect of the breach and protect your core business from exposure.

The_Expert

One word... Money.

Unfortunately, that's the number one motivation for most folks. Instead of getting into an area of IT that they may really enjoy.

I've said it before, IT Security is not a glamorous field. There is a lot of responsibility, a ton of work to do, and quite a few administrative tasks. One wrong move can easily end up being a resume generating event.


P.S. Have I mentioned auditors?

JoJoCal19

I think people are attracted to InfoSec due to the way it's portrayed in entertainment and because of the money and it being the big thing right now. I agree with The_Expert, it's not a glamorous field. I have almost a decade of combined InfoSec experience across multiple domains/areas, and I'm quite frankly tired of it. I really wouldn't mind working with architecting and creating AWS/Azure cloud solutions, or DevOps. If you work in InfoSec you've got to stay up with stuff day in and day out. It wears on you. Sure you could skate by. But at some point it will bite you in the rear, especially if you end up having to look for a new job.

cyberguypr

Money is definitely a factor that sells security careers. You have colleges pushing the glamour of "earn six figures". Then you have the "One Million Cybersecurity Job Openings In 2016" news outlet coverage. And don't forget the "Best six-figure jobs" surveys that everyone and their mother runs. Add then there's the "Shortage of security pros worsens" headlines. See a recurring theme?

The problem is so serious that even guys like me are constantly getting bombarded. I am very comfortable where I'm at, making the famous six figures and what not. Yet not a week goes by where an enticing role comes through my inbox courtesy of LinkedIn. Seriously, when you see roles offering 40-50% over what you are making, your mind starts working. First world problems I guess.

UnixGuy

I can't speak for why people want to...but for me personally, I kinda saw the system administration/career as being a dead end...or I kinda got over too quick, and things keep on changing anyway. Cloud, SDN, DevOps, ..etc...technology will keep on improving to improve efficiency. There was a time when 12 engineers were needed to manage one system (mainframe..)...then technology evolved and one sysadmin was needed to manage 20 servers..and a dba or two...but times have changed and now one sysadmin can (and should manage) 100s of servers, and provision them with a click.

I think of security as something that you should progress towards. Like you build on top of your knowledge and experience with networks and systems...and yes the demand in the market is great. You see jobs in system administration declining in numbers and pay but jobs in security increasing. Technology will keep on evolving, and theoretically speaking our jobs should eventually be replaced by efficient robots - but that's a conversation for another time.

JustFred

The_Expert wrote: »

One word... Money.

Unfortunately, that's the number one motivation for most folks. Instead of getting into an area of IT that they may really enjoy.

I've said it before, IT Security is not a glamorous field. There is a lot of responsibility, a ton of work to do, and quite a few administrative tasks. One wrong move can easily end up being a resume generating event.


P.S. Have I mentioned auditors?

I agree with everything you said. Definitely the wrong mind set when money is put first and experience is an after thought. So many people get burned then they go on saying how **** IT is.

NetworkNewb

The chicks

Danielm7

I agree with the others as to why others are trying to get in, I'm sure most of them are finding that with no IT experience they're having a hard time. I always ask this question when interviewing people for security, some answers are great, some are terrible. For me, it changes all the time, lots of puzzles, I get to use my varied background of experience all the time, etc. Sure, the money is good, but at the higher levels of almost any part of IT the money is good too.

E Double U

NetworkNewb wrote: »

The chicks

The reason for all that we do lol.

636-555-3226

I like it because I live in a best-selling fiction novel. I show up for work and fight against massive organized crime rings as well as highly trained foreign government spies. I have to sort through lots of clues and mysteries to figure out if i'm headed towards a dead end or the guy who infiltrated my massive castle and is trying to kidnap my princess.

Not to mention I'm the king of the castle, the money is good, none of my budget items ever get turned down, and in the end I always get what I want because the alternatives are way worse than the cost of not getting what i want.

Sheiko37

I think it attracts people who aren't experts in particularly anything, myself included.

beads

Enjoy the constant variety of the unending challenge. Its a discipline hard won and difficult if not impossible to master. For new people its about the paycheck but to be really competent in the field and most aren't - at least for very long - don't stay in the field due to burnout. Knowledge refresh is the biggest culprit here as most people don't keep up with the daily threats let alone the field in general. Going to DefCon once a year for "training" is neither keeping up with the industry nor a valid resume point.

Some days I show up to work and feel like a man of international mystery; other days I feel like the "Man from La Mancha". Both descriptions are completely accurate if you look at with a smile.

- b/eads

scaredoftests

The blankets.

gespenstern

Money.

For me it's my passion for investigations.

ITHokie

tpatt100 wrote: »

I think people are seeing "job reports" that are often sponsored by for profit schools or training camps showing a shortage of security people with experience.

Right, it's not the explosion of rates and opportunities driving interest, it's the dirty for-profit universities creating fake job reports.

chrisone

networker050184 wrote: »

It goes in cycles. Whatever is "hot" at the time you'll see a bunch of people looking to hop on board to try and find better career opportunities.

If your not moving, then the money is moving away from you lol

I am hoping to get a franchise out within the next two years. Business and moving with money is where it is at. I don't plan on working for anyone by the time I am 40. I Plan to have money work for me at that point. I have several years to go

I say go with the trends and reach more money than you can, by going from hot technology to the next. It works with investors why not with jobs in IT.


Edit: Also if you study and get your certs, you have every right and motivation to jump from technology to technology.

steve.taylor

For me it's been the challenge. Trying to defend a network/system/company/whatever means that you need to pretty much think of everything, whereas as an attacker, you just need to find one vulnerability. I enjoy that.

I also like the fact that I've needed to be an architect, network engineer, risk manager, operations manager, service manager, pen tester, incident responder, etc. throughout my career. It's a point that I rarely make to other IT people, but I'd back myself to be able to do many of their jobs because security runs across all IT domains. I need to understand their jobs in order to be able to do mine well. I enjoy that, too.

I've also seen far too many people who have jumped on the bandwagon. Far too many people who have joined IT security/infosec for the money/career/something different, and it's usually pretty obvious. They're typically weak in the traditional IT security domains (network security and cryptography), and you can tell that they're there just to do a job. This really frustrates me to see people who "don't quite get it", don't really follow the industry/trends, and who couldn't explain basic concepts to anyone.

I've also seen far too many people such as this with a string of certifications after name...

Clm

Me personally most of my experience comes from security and security comes to me easy. It comes natural i don't know why.
when i took A+ Struggled and passed low 700's but Security+ studied half the time and got a 865 out of 900. CISSP bootcamp studied took and passed in 3 hrs but this linux+ is kicking my but. Also the security world is rich with jobs and generally pays more

Rumblr33

All the cool vendor t-shirts!! Duh..

Seriously, the money is quite decent, the challenges are never ending, and you get to learn about a lot of interesting information. It will all depend on your appetite for success. As stated this is not the most glamorous job. Tasks can get monotonous, meetings all day (preventing you from actually working), and burnout is real.

LA2

The money

Mike7

Passion, $$$$$, fame

Calling... the Force calls out to me.
I want to join the dark side and do ransomware. The returns are better.

ramrunner800

I dunno why everyone here seems to be saying it's not as exciting or glamorous as everyone thinks. I find security exhilirating. If responding to an active APT incident and solving the puzzle doesn't get your blood pumping, I think you must be dead. I suppose that it isn't a passion for everyone, or perhaps the audit or GRC side could be pretty unglamorous. The fact that the money is as good as it is, and that the skills shortage keeps you constantly in demand certainly don't hurt.

ITSpectre

The Wild women, food, and title.....but mainly it is because of how the movies/TV portray people that work in Infosec. Just look at CSI Cyber and you will see what I mean........

But its really the wild women.....:D

JDMurray

Sheiko37 wrote: »

I think it attracts people who aren't experts in particularly anything, myself included.

I think you are confusing "information security" with "marketing."