Pros and Cons of Different Areas in Cybersecurity

egrizzly

What do you all think the pros and cons of the following cybersecurity areas:

- Incident Response

- Forensics

- Governance

- Audits

- Penetration Testing

- Analytics

Do you think any of the areas has an advantage over the other and why?

Find more posts tagged with

cybersecurity; advantages

disadvantages

Comments

paul78

It's going to largely depend on why you are asking. Any of the various areas in cybersecurity can likely have the same pros/cons depending on the role in that particular area.

What problem are you trying to solve by asking this question?

tedjames

The biggest problem I can see is that since the field is so wide, you can't possibly tackle everything. I guess you could be the proverbial jack of all trades, but you might not be able to become an expert in any one thing. Or if you work in security long enough, you can gradually transition in other aspects of the field.

If you're looking for advice regarding which direction to take, that all depends on what interests you. I've done incident response, governance, penetration testing, security awareness training, etc., but usually in the same job. Right now, I'm spending most of my time revamping our security policies. I'd love to get into forensics, but I just don't have the time, especially not when there's so much more to learn about penetration testing.

spiderjericho

A team or group manager manager can get away with that mentality of the renaissance man.

It takes a lot of experience and skill to be good at any of those skills. Some of them could be mutually supportive like penetration testing/audits or incident response/forensics since certain aspects overlap.

Not to to derail the thread but does the SANS expert exam require you to know all the above?

UnixGuy

I'm not sure I understand the question, but if you're asking about career paths, one catch I found with Incident Response is that it can involve weekend/after hours/overtime work occasionally. Some (a lot) of penetration tests happen on weekends as well. Some forensic investigations are urgent and you can be time pressured.

While Audit/GRC/Governance/Analytics you probably don't need to work after hours/weekends.

egrizzly

UnixGuy said:

I'm not sure I understand the question, but if you're asking about career paths, one catch I found with Incident Response is that it can involve weekend/after hours/overtime work occasionally. Some (a lot) of penetration tests happen on weekends as well. Some forensic investigations are urgent and you can be time pressured.

While Audit/GRC/Governance/Analytics you probably don't need to work after hours/weekends.

Thanks for sharing UnixGuy. Exactly the feedback I was looking for. Its like I suspected that the role which typically works weekends is the Audit/Governance/Analytics folks.

JoJoCal19

egrizzly said:

UnixGuy said:

I'm not sure I understand the question, but if you're asking about career paths, one catch I found with Incident Response is that it can involve weekend/after hours/overtime work occasionally. Some (a lot) of penetration tests happen on weekends as well. Some forensic investigations are urgent and you can be time pressured.

While Audit/GRC/Governance/Analytics you probably don't need to work after hours/weekends.

Thanks for sharing UnixGuy. Exactly the feedback I was looking for. Its like I suspected that the role which typically works weekends is the Audit/Governance/Analytics folks.

I've worked a few GRC/Audit roles and have never worked a weekend. Now longer work days during the week during audit or risk assessment time, sure. But never on the weekends. If anything, you're more likely to have to spend weekend time with the more technical roles (on call, long engagements, skills, etc).

colemic

Another angle to consider, is if you are looking at consulting, vs in house. I spend a fair amount of weekend/evening time working in my role as a consultant, not that I necessarily HAVE to, but it frees me up to do other things during the day (wife is SAHM with our daughter, so I like doing what I can with them.) JAT

Severine

If you want to know the pros of cybersecurity jobs then they are good salaries, number of career options, interesting work to do, and technical advancement whereas the most common cons include continual learning requirements, or overtime working hours, or pressure to defend against the ever-present and ever-evolving cyber threats.

E Double U

I think the pros/cons are employer specific more than the area itself. For example, if you consider weekend work a con then incident response might not be for you because some environments are 24/7 while others have on-call standby. But I have done incident response in a SOC for years and never worked on a weekend. I have had some long, difficult days for sure, but I've had the same in non-security related jobs earlier in my career.

Another item that can be a pro or con depending on one's perspective is being in a reactive or proactive role. I have seen incident response and forensics performed primarily as reactive functions to events that happen during the day while governance, auditing, and pen testing required more planning. Reactive roles can be a con to someone that stresses easily while it would be a pro to someone that enjoys fast-paced environments.

I hope people choose their career paths based on their own interests and not the opinions of strangers on a message board

scasc

E Double U said:

I hope people choose their career paths based on their own interests and not the opinions of strangers on a message board

Or perhaps the one that pays you the most

E Double U

scasc said:

E Double U said:

I hope people choose their career paths based on their own interests and not the opinions of strangers on a message board

Or perhaps the one that pays you the most .

Money is a motivator

anthonx

egrizzly said:

UnixGuy said:

I'm not sure I understand the question, but if you're asking about career paths, one catch I found with Incident Response is that it can involve weekend/after hours/overtime work occasionally. Some (a lot) of penetration tests happen on weekends as well. Some forensic investigations are urgent and you can be time pressured.

While Audit/GRC/Governance/Analytics you probably don't need to work after hours/weekends.

Thanks for sharing UnixGuy. Exactly the feedback I was looking for. Its like I suspected that the role which typically works weekends is the Audit/Governance/Analytics folks.

Not sure if this is a typo error but based on what UnixGuy said... it is the other way around. NOT work on weekends.

JDMurray

On the other side of the coin, SOC (SecOps) work can be 24/7 spread over three shifts. If you wanted to work 2nd or 3rd shift or weekends, SOC work for a large organization is what you should be aiming for.

scasc

I suppose it fundamentally depends on what you enjoy/have passion for and ultimately what you can bring to the table. Audit for example, has a direct reporting line to the Board of directors via the Audit committee and you present your results to the board depending on the materiality of what you are checking. So you get a lot of exposure/qudos as being a risk professional here. As a result depending on where you work, you can easily get a 6 figure salary (VP and higher) and if you happen to work in Big4 as a partner within Security Audit/Risk this will mean inevitably a base of circa 250K (if not higher depending on seniority). But not everyone's cup of team - cons are it can be repetitive/at times numb/tedious/non-co-operative people etc.