Why do so many people seem to want to go into security work?

JoJoCal19 · April 2016

I didn't choose security, security chose me

But seriously I was doing security work before it was the cool thing, and before I really knew what security was. At my first IT job in 2005 I was a JOAT and that included IAM, firewall, etc. After that job I was working second level desktop support at a global finance firm and after a year and a half, I was approached by management that the Global Security Administration team had an opening and they were close with the manager and that I should apply. So I did and got the position. Them doing that was more because I was bored and was more capable than what I was doing in second level desktop support. After getting an actual security position I became more aware about security, obtained my Sec+, and decided that I would stay within security and make a career out of it. Since then I've obtained my CISSP, GSEC, GCIA, CEH and CHFI and have made 3 job moves and doubled my income into the six figures. Money is a huge plus, and it's a field that will not be going away or dwindling in importance.

Priston · April 2016

Doesn't anyone watch TV? Security professionals can be super heroes! I've always wanted to be a super hero.

TechGromit · April 2016

Iristheangel wrote: »

... , there's no security product that's 100% effective at preventing all forms of attack or just pure human stupidity since humans are the weakest link.

Humans, Bah! who needs them. I wonder if Skylabs was a security program, get rid of all the humans, all the cyber security problems solved.

OctalDump · April 2016

Number one reason: It's sexy. Staring at screens of green text and saying things like "We're in!" (although some of us say that when we enter our PIN to use an ATM)

I think also it pays well - which is nice - and it's sort of senior in a way: you get to tell other people how they should do their job, but largely you aren't actually accountable for how they do their job.

It also pulls together a lot of IT skills, so if you like the bigger picture and how infrastructures work, it can be interesting.

It also offers a path out of the grind of keeping up with technologies: you don't have to know all the nuances of the latest MS operating system, or know all about minutiae of networking protocols. You can get yourself a nice management job, write policy and delegate, and not have to worry that they've changed the commands to configure OSPF on the 1941 IOS 15.4.

cyberguypr · April 2016

Sexy? Heck yeah! Want proof? Check out the latest footage of me doing my InfoSec magic:

https://i.imgur.com/c73ZSAs.gifv
http://i.imgur.com/zALURXu.gifv

NOC-Ninja · April 2016

UnixGuy wrote: »

Hey OP why work anyway? It's stressful

Is it just me or that was genius? I almost spit my coffee

More money > more responsibilities > stress level = HIGH

Winzer · April 2016

I think a lot of people are going for Sec jobs because they cannot be outsourced, unlike just about every other IT jobs.

Danielm7 · April 2016

Winzer wrote: »

I think a lot of people are going for Sec jobs because they cannot be outsourced, unlike just about every other IT jobs.

Sure they can, in some industries you don't want to, but lots of companies use MSSPs for their security work.

Iristheangel · April 2016

You're 100% spot on, Danielm7. Somewhat onpoint: If I recall correctly, I believe that "Evil Corp" in Mr Robot even outsourced their security to Elliott's firm (Allsafe).

[Deleted User] · April 2016

OP, as anyone here will tell you, security is in tiers. From physical layer to application layer of OSI, if one layer is not accounted for, the whole thing doesn't matter. As everyone here is saying, there is no such thing as 100% secure. However, it can be prevented with end user training for things like social engineering to phishing and certain IT departments have different tiers of security. Not all security areas are hacking/cyber security. For example, I work in Access Controls Identity and access management. Yes it is security, but not the penetration tester side of security. Ex: If you manage Active Directory groups and delete expired AD accounts or unused AD accounts, this can prevent someone from gaining access to the account and not have someone escalate their privileges that a penetration tester may be able to pick up on through a pen test. Hopefully that makes sense but all the different IT security divisions work together directly/indirectly to mitigate risk. Also, companies also have to accept risk as well. If you want to learn more about security and what you are looking at, consider picking up a book on Risk management/assessment as most of you question will probably be answered there. Hope this helps.

Why do so many people seem to want to go into security work?

Comments