Cyber Security & IT Pain Points: [Research Request #2]

roninkai

Hello TE. It was almost 2 years ago that I was doing some research on the cyber job market for a project. I'm continuing that now after a long hiatus, new baby, etc. You can read that original thread here 'Cyber Security Hiring Challenges: [Research Request]' for context. I was basically trying to determine who the job seeker audiences are in cyber and what their major pain points were.

I'm hoping to dive deeper into the paint points to elaborate further. So without introducing too many of my own biases' into this research, I'm hoping the TE community here can help. So I ask, in your own tech/IT/cyber career:

• What have been the major pain points to getting where you are today in your career?
• Are you happy where are or are you looking to move/advance within the field/change jobs etc?
   - If looking to advance, what are the main reasons? (salary, seek new challenges, new role/title, location change, management)
• What are you thoughts on certifications, advanced degrees, etc?
  - (Too many options? Too confusing? Too expensive? Unsure of value?)
• What is your dream IT/Cyber job?
• What is your opinion/experience with job boards like Dice/GlassDoor, Indeed? Useful? Not relevant to your needs?
• What products do you think would help you within your career, or what products do you wish existed that would help
  you excel/advance?
• What is the one skill you wish you had that you feel holds you back? (example: for me, it's coding, I wish I learned code years ago)
• If a friend or family member wanted to get into IT/Cyber, whats the primary piece of advice you would give to influence their decision?
  
  

Of course I could go on and on, but I'll leave it at this list for now. I don't ask that you answer each point, only what you want to contribute. 
Anything you can add is always appreciated.

Thanks in advance!

roninkai

I figured it was too much of an 'ask' all at once. Crickets. 

LordQarlyn

LOL I just saw your message and I will be happy to help.

• What have been the major pain points to getting where you are today in your career?
• Probably in the beginning hands on experience, nowadays, fewer IT leadership roles versus individual contributors roles
  
• Are you happy where are or are you looking to move/advance within the field/change jobs etc?
   - If looking to advance, what are the main reasons? (salary, seek new challenges, new role/title, location change, management)
• Happy but always looking to move up, new challenges and more salary and benefits that it often brings.
  
• What are you thoughts on certifications, advanced degrees, etc?
  - (Too many options? Too confusing? Too expensive? Unsure of value?)
• Both have their place but should not be the sole factors to advancing careers or hiring decisions. And yes very many options.
  
• What is your dream IT/Cyber job?
• Ultimately a C-level job. I will likely be getting Director of IT soon, so I am getting closer.
  
• What is your opinion/experience with job boards like Dice/GlassDoor, Indeed? Useful? Not relevant to your needs?
• So so. I've gotten over half my jobs from networking, most of the rest from company websites directly, maybe a couple from job boards.
  
• What products do you think would help you within your career, or what products do you wish existed that would help
  you excel/advance?
• Just about any IT management training would help me with the non-technical aspects, i.e., managing personnel, budgeting. Industry journals to keep up with tech trends.
  
• What is the one skill you wish you had that you feel holds you back? (example: for me, it's coding, I wish I learned code years ago)
• Yeah I wish I learned coding years ago, software development jobs significantly outnumber IT operations jobs and many IT security jobs are in software development jobs too.
  
• If a friend or family member wanted to get into IT/Cyber, whats the primary piece of advice you would give to influence their decision?
• Get hands on experience, better yet, get into coding, particularly those in machine learning, always learn the latest, don't fall behind in skills. Keep your mind sharp.
  

Hope this helps you.

roninkai

Thank you. Yes, this is a great response. Thank you for taking some time to add your comments.

TechnicalJay

I don't think you're asking too much, this site is just very quiet ever since it changed names.

LonerVamp

(Really quick background, I've been in IT since 2002, couple years desktop/tech support, many years sysadmin, and the last 4 years dedicated infosec. I've been interested and involved in the infosec community since 2002 as well.)

What have been the major pain points to getting where you are today in your career?

I think complacency in a role has been one of my biggest pain points. I spent 10 years as a sysadmin at a company, and found myself learning a ton, but eventually coasting quite a bit. I was comfortable, there was really no job progression available, and I didn't do much on my own for career advancement, either. I eventually broke that cycle.

Getting that initial job (tech or security) is also a big deal. Once someone gets a few years of job experience in a field, things should get easier.

Are you happy where are or are you looking to move/advance within the field/change jobs etc? If looking to advance, what are the main reasons? (salary, seek new challenges, new role/title, location change, management)

I am partially happy where I am. I don't particularly like how I and our security team are managed right now, but we have a largely greenfield opportunity to build security and do new things. My experience and learning has increased a lot, and I'm happy with my salary. If I were to move on elsewhere, I consider it a 50/50 shot I'd be happier than here.

If I did hop elsewhere, it would be to seek better management (of security) or particular opportunities to work in certain roles that get a little more specific, probably red/purple teaming. It's really about being happy with how I spend 30% of the rest of my life. Money, company, benefits, really are not driving factors for me anymore. As long as I maintain a certain baseline, I'm good. I find it very important to like whom I work for (immediate boss) more so than any other part of the company management or direction.

What are you thoughts on certifications, advanced degrees, etc? (Too many options? Too confusing? Too expensive? Unsure of value?)

I got my degree back in 2001 when there really were not many options when it came to infosec degrees. We had computer science, computer engineering, and a more business slanted side (MIS/BIS stuff). None of these really talked about security. These days, I see everyone has cybersecurity degrees and even graduate programs, but I strongly question how well those prepare students for jobs securing enterprise businesses. These work great if you're in a SOC or otherwise fairly insulated security department doing security "stuff" or work for a company providing security services, but too often business experience and fundamental IT building block skills can be scarce in these graduates. They come out of school with little to not job/IT experience, and admittedly know lots of book answers to questions, but have very little confidence when it comes to putting hands on a keyboard or dealing with the fact that business typically does not have "do it secure" as a top priority or budget spend. Anyway, that's a long way of saying I'm not impressed with infosec degrees or advanced academic studies.

That said, it's kinda neat that students do get lots of classes in specific things like a semester in forensics or something. Things like that can certainly help guide where a student wants to go with their career since "security" is really very broad.

Certifications are another deal, honestly. I really like them, it helps set a baseline of knowledge and exposure to jargon that I expect people who possess such certs to have. They tend to be quicker, less expensive than school, and more focused on learning a particular thing.

As a practitioner, certs can be part of goal-based learning.

I'm not sure I can say whether they're too expensive or not. I'm at a point in my career where I'm not making entry-level salary, you know? SANS are certainly expensive, but I think they could pay for themselves if a particular course leads down the exact path a student desires. $7000 forensics course that leads directly to a forensics job? Pretty sweet!

What is your dream IT/Cyber job?

I have this same question myself, right now.

What is your opinion/experience with job boards like Dice/GlassDoor, Indeed? Useful? Not relevant to your needs?

I have not used a job board like that since Monster and Dice back in 2005. These days, I use LinkedIn, network with peers, know the major employers in my area, and have my preferences on recruiting firms I don't mind working with.

What products do you think would help you within your career, or what products do you wish existed that would help you excel/advance?

Honestly, I love strong, large communities where topics like these can be hashed out and discussed. Focums, IRC/Discord/Slack, and Reddit have been great for asking specific or nuanced questions and getting support, answers, or criticisms all behind a nice veil of anonymity (for all parties). Twitter has been borderline, but infosec drama is taking over as Twitter goes beyond its tipping point, and the char limitations do not promote intelligent discourse.

Basically, I'm still hungry for more of that.

What is the one skill you wish you had that you feel holds you back? (example: for me, it's coding, I wish I learned code years ago)

This isn't related at all to tech stuff. My most lacking skills is dealing with people. I don't have social anxiety so much as I am just asocial. I also make friends/contacts far slower than most; casual contact and "small talk" just aren't my strengths. (At least, I feel this way, but some others have said I fake it rather well.) I mostly just don't want to be a bother to other people.

On the tech side, I know how to code and script, but I've never been immersed heavily in an OO language like C#/.NET on the development side. Sometimes I default myself out of app dev discussions since I don't know specifics on solving certain problems in the code.

If a friend or family member wanted to get into IT/Cyber, whats the primary piece of advice you would give to influence their decision?

Get a tech job ASAP. Learn, understand, and practice the fundamentals of IT. Build your experience there. Always learn, always be hungry for more information. Don't be afraid to fail or have a wrong answer or break something when your heart is in the right place. Practice, practice, practice. Have that dubious attacker mindset. Question everything. Surround yourself with smart, positive, good people.

Be ready to never get all of what you want to do security perfectly.

I know, that's a lot, but that's what I'd vomit out.

Pmorgan2

What have been the major pain points to getting where you are today in your career?

1. Getting my foot in the door (early 2000's). I suspect this would have been easier if certifications and help desks were more common then.
2. Switching from infrastructure to security. Finding someone to give me a chance took some time. Overcame by luck when I took on information assurance as an "additional duty".

Are you happy where are or are you looking to move/advance within the field/change jobs etc?
 - If looking to advance, what are the main reasons? (salary, seek new challenges, new role/title, location change, management)

I am looking to advance for increased salary and to broaden my experience for future roles. However, I am slowing down now that the challenges of my position match my ability. Instead of moving as fast as possible, I am now looking to stay for 3-4 years in a position before moving to a new one.

What are you thoughts on certifications, advanced degrees, etc?
- (Too many options? Too confusing? Too expensive? Unsure of value?)

I believe certifications are valuable to demonstrate blocks of knowledge in a very wide field. However, I understand certification is confusing for IT professionals and an enigma for HR professionals.
I believe advanced degrees are useful if pursued immediately after an undergraduate degree before starting a career. I believe an advanced degree is at best unnecessary and at worst harmful after a career has started since specific knowledge sets are requested by employers. Advanced degrees typically imply the candidate requires more pay to stay happy.

What is your dream IT/Cyber job?

CEO/COO/Chief Engineer of a quantum computing security company or
Penetration Tester of critical infrastructure industrial control systems (I don't know if this dream would be fun as a long term job though)

What is your opinion/experience with job boards like Dice/GlassDoor, Indeed? Useful? Not relevant to your needs?

I have not had success with job boards. I find the salary dance exhausting (no stated salary range until after interviews). Postings seem to request unicorns for peanuts. It does not feel worth it to go through copying information from my resume into application pages for a 5% chance of hearing back, then spend time on interviews for a 10% chance of an offer, for a 20% chance the offer is acceptable. There are better ways to find a new position.

I have only had success by finding IT recruiters I trust, hearing about positions from people in my professional network, and promoting within organizations with which I've already built rapport.

What products do you think would help you within your career, or what products do you wish existed that would help you excel/advance?

An online home lab with tutorial VMs for technologies including appliances, network devices, industrial control systems, AI coworkers, and AI customers. 

What is the one skill you wish you had that you feel holds you back? (example: for me, it's coding, I wish I learned code years ago)

Advanced coding. Getting the basics does help, but doesn't get me where I want to be.

If a friend or family member wanted to get into IT/Cyber, whats the primary piece of advice you would give to influence their decision?

I think my advice has not worked so far, so I'm curious what other's have to say. I've turned some people away from IT by telling them to get certified, practice in a lab, and to get their foot in the door in a help desk.