Current Events > 4 months into the new job/career as a cybersecurity analyst AMA

(+) Yeah! (+)

Been pretty dope so far. Work from home fully. 4 day work weeks(4 10 hour shifts) and I get paid more than I did as a teacher for way less work and half the hours

Not to sound insensitive, but is job security a concern for you?

And is this your ideal career?

How much networking knowledge do you have to have for that field? Like NET+ level, CCNA, etc.?

PowerOats posted...

Not to sound insensitive, but is job security a concern for you?

And is this your ideal career?

not at all. My company has been actively hiring during all these tech layoffs. And actively building up their cyber side of the business. Definitely my ideal career field. But not sure which specialty Ill end up going towards just yet

Ooh. I'm actually going to school for IT, still trying to decide which domain to focus on though...

What does your day to day look like?

ThisIsAKnoife posted...

How much networking knowledge do you have to have for that field? Like NET+ level, CCNA, etc.?

gotta know the networking basics for sure and how the internet works absolutely. I skipped Net+ and went straight for Security+, CySA+, and about to do the AWS cloud practicioner cert.

when I got hired all I had was security+

NoxObscuras posted...

Ooh. I'm actually going to school for IT, still trying to decide which domain to focus on though...

What does your day to day look like?

Cybersecurity is really fun. Its like a summary of all other tech fields since security is involved in everything.

my day to day is working and triaging alarms and writing investigations, mainly. I work for an MSSP so our SOC monitors like 300+ business/enterprise/government companies and entities.

lots of investigating and digging into potential compromises. Call customers when weve found stuff and offer mediation techniques basically.

its tedious work but its work from home so I can listen to music, pet my dog, have YouTube on in the background, etc which makes it amazing

I wish I could be working right now. I was working as a junior T1 support prior to my health issues. I'm not allowed to work until March, but my province has a tech hiring freeze until May. Because you know.... F me I guess. They want to try and push me back working retail, but F that, my heart and head cannot take it. I would literally rather sell my house and move back in with my parents than work another day in retail.

MFBKBass5 posted...

Cybersecurity is really fun. Its like a summary of all other tech fields since security is involved in everything.

my day to day is working and triaging alarms and writing investigations, mainly. I work for an MSSP so our SOC monitors like 300+ business/enterprise/government companies and entities.

lots of investigating and digging into potential compromises. Call customers when weve found stuff and offer mediation techniques basically.

its tedious work but its work from home so I can listen to music, pet my dog, have YouTube on in the background, etc which makes it amazing

Wow 300+ businesses sounds like a lot. But okay, it sounds like what I thought a cyber security job would be. Lots of monitoring network traffic. Although your company is definitely on a larger scale than what I'd get involved with as a government employee lol.

From the perspective of a software developer a lot of cybersecurity jobs consist of people getting paid absurd amounts of cash to do mindless tasks like running scanning software so that the company can tell their customers "we are very secure. Look at all the cyber security people we have on staff". I don't begrudge people for going down that path to get the $$$$ but it just seems a bit silly.

NoxObscuras posted...

Wow 300+ businesses sounds like a lot. But okay, it sounds like what I thought a cyber security job would be. Lots of monitoring network traffic. Although your company is definitely on a larger scale than what I'd get involved with as a government employee lol.

Yeah the amount of alarms on a daily basis is insane. I heard government cyber jobs actually pay lower than corporate roles.

Atralis posted...

From the perspective of a software developer a lot of cybersecurity jobs consist of people getting paid absurd amounts of cash to do mindless tasks like running scanning software so that the company can tell their customers "we are very secure. Look at all the cyber security people we have on staff". I don't begrudge people for going down that path to get the $$$$ but it just seems a bit silly.

yeah thats not at all how most cyber jobs work lol. Maybe the shitty ones that dont do their jobs well. Butt yes the pay is good, and rightfully so. Without security experts the internet would be 1000x more of a shit show lol

TC, has it started bothering you yet that your security recommendations fall on deaf ears with devs or IT?

PowerOats posted...

Not to sound insensitive, but is job security a concern for you?

Cyber Security is a fast growing field. As long as there's tech, there's a need to ensure proper security practices are being implemented for that tech. Cyber security isn't going anywhere.

How long did u have to study to get to this point? Any formal education or study path u recommend?

Atralis posted...

From the perspective of a software developer a lot of cybersecurity jobs consist of people getting paid absurd amounts of cash to do mindless tasks like running scanning software so that the company can tell their customers "we are very secure. Look at all the cyber security people we have on staff". I don't begrudge people for going down that path to get the $$$$ but it just seems a bit silly.

You must not be aware of PCI compliance and the security steps needed for a business to keep that compliance.

[LFAQs-redacted-quote]


surprised it took you this long to post in my topics. Youre usually way faster than this. A bit disappointed honestly

BlazinBlue88 posted...

TC, has it started bothering you yet that your security recommendations fall on deaf ears with devs or IT?

Cyber Security is a fast growing field. As long as there's tech, there's a need to ensure proper security practices are being implemented for that tech. Cyber security isn't going anywhere.

Its a bit annoying but it doesnt really bother me. I get paid either way. Its our customers choice to follow our advice. If they dont theyre just throwing away a LOT of money. Our services are not cheap by any means haha

the_pika posted...

How long did u have to study to get to this point? Any formal education or study path u recommend?

started learning Python last March. Did a cybersecurity bootcamp full time from the end of June to mid October. 8 hours a day 5 days a week. Landed a job a week after I graduated from them. Got my first certification before I even graduated.

doesnt take long to switch to cybersecurity. There are SO many open jobs. If you know your shit and can do well in a technical interview then youll find a job fast.

BlazinBlue88 posted...

You must not be aware of PCI compliance and the security steps needed for a business to keep that compliance.

This. Im surprised a software developer is complaining about running vuln scans honestly

MFBKBass5 posted...

yeah thats not at all how most cyber jobs work lol. Maybe the shitty ones that dont do their jobs well. Butt yes the pay is good, and rightfully so. Without security experts the internet would be 1000x more of a shit show lol

Maybe my job is just shit about it. We had a cybersecurity incident a while back after years of upper management denying our requests to implement better security. After the incident, they hire a cybersecurity team who just tell us to implement CIS benchmarks. Which we had already been trying to do prior to them ever being hired

Kloe_Rinz posted...

Maybe my job is just shit about it. We had a cybersecurity incident a while back after years of upper management denying our requests to implement better security. After the incident, they hire a cybersecurity team who just tell us to implement CIS benchmarks. Which we had already been trying to do prior to them ever being hired

Theres a big difference between trying and actually implementing those CIS benchmarks lol. What kinda team did yall end up hiring? Maybe they werent great at elaborating or something

why do my jwt tokens keep expiring

Turtlebread posted...

why do my jwt tokens keep expiring

For security purposes so they dont get stolen in a MitM attack Id assume. You want short token history length for sure.

MFBKBass5 posted...

Theres a big difference between trying and actually implementing those CIS benchmarks lol. What kinda team did yall end up hiring? Maybe they werent great at elaborating or something

by trying I meant proposing to the business and having it rejected by the business. Our security team does very little implementation and just palms it off on us. And the very little implementation they do, they don't test and they have caused stores to close for days at a time due to a change they make breaking something and us not having authority to revert it. the most recent one was their new vulnerability scanner flogging the CPU to 100% and nobody could use their PCs for anything

MFBKBass5 posted...

This. Im surprised a software developer is complaining about running vuln scans honestly

I'm not. Devs only care(and are forced to prioritize tbf) bugs and features. They don't want to take the time to stop using smb 1.0 or an old version of Java cause it still works just fine....until it doesn't. Then a sysadmin is forced to enable smb 1.0 on the servers the app interacts with cause that's an easier fix than fixing the app itself.

Kloe_Rinz posted...

by trying I meant proposing to the business and having it rejected by the business.

No one in IT, dev, or security can force management to make improvements unfortunately. Just try to make the most convincing argument we can to them.

Kloe_Rinz posted...

Our security team does very little implementation and just palms it off on us.

From my personal experience, that isn't the job of security teams. They shouldn't have any admin access to workstations or servers. When I work with my InfoSec team, they come to me wanting to roll out a product like vuln scanner or whatever. I have to install it on a couple test servers, monitor for cpu/ram usage then roll it out to the rest.

Just fail to see the point in them (in our company) when they are just there to tell us to do what we already tried suggesting years ago. I'm sure other companies do it better but not ours. They care very little if they cripple the business due to a bad rollout

Glad you got a rewarding career :)

Lets say youre in line at a gas station to buy some Reeses. Dude comes in, pulls out a gun, and tries to rob everyone in line and the cashier.

do you try and catch the robber offguard/disarm them? Or do you give your wallet up like a pushover?

im in cyber too. great industry to be in

TaylorHeinicke posted...

im in cyber too. great industry to be in

what kinda role are you in?

MFBKBass5 posted...

what kinda role are you in?

sales

tech is having its problems, but the competent CIOs/CISOs understand cyber is not a place to cut budget. our company is having zero issues growing in this economy

TaylorHeinicke posted...

sales

tech is having its problems, but the competent CIOs/CISOs understand cyber is not a place to cut budget. our company is having zero issues growing in this economy

yep. Cyber attacks are only getting more and more frequent. What kinda product to yall sell?

MFBKBass5 posted...

gotta know the networking basics for sure and how the internet works absolutely. I skipped Net+ and went straight for Security+, CySA+, and about to do the AWS cloud practicioner cert.

when I got hired all I had was security+

Nice. Im an ISP network engineer so cyber security as its own field / department has always been sort of interesting to me since I build my own firewalls, respond to DDoS, MiTM, etc. and we havent had any issues with leaks or breaches. Probably not big enough to catch the ire of a really competent hacker though.

We are also a small-scale MSP and I mostly deploy Sophos/Fortigate hardware for companies that require PCI compliance (insurance agencies, clinics, etc.), so I try to at least keep up to date on day zero exploits and vulnerable firmwares.

Is there a brand of firewall you know is definitively the best?

ThisIsAKnoife posted...

Nice. Im an ISP network engineer so cyber security as its own field / department has always been sort of interesting to me since I build my own firewalls, respond to DDoS, MiTM, etc. and we havent had any issues with leaks or breaches. Probably not big enough to catch the ire of a really competent hacker though.

We are also a small-scale MSP and I mostly deploy Sophos/Fortigate hardware for companies that require PCI compliance (insurance agencies, clinics, etc.), so I try to at least keep up to date on day zero exploits and vulnerable firmwares.

Is there a brand of firewall you know is definitively the best?

Our customers use all sorts of different firewalls and brands, honestly. So Im working with lots of different logs and getting exposed to different platforms. Honestly I think SentinelOne is the best solution out there right now. Sophos and Fortigate are nice as well, but that FortiOS CVE that popped up recently has been causing havoc around the world lately.

[LFAQs-redacted-quote]


Nice!! Thats badass. Ive got a small taste of red team stuff through my bootcamp, and I enjoyed it a lot. Id be interested in going down that path maybe in the future too. Would want to get a few years experience building my knowledge and coding skills first, honestly.

Cloud security interests me a lot, too. A coworker just left for AWS and man the benefits working there seem insane.

I'm actually working on a cybersecurity bachelors degree now. How hard was it to break into? I have a tech background but not IT really.

Not really career related by how tall are you and how tall are you compared to your male co-workers?

Say there are 10 male coworkers in your direct department, which number would be you be height-wise?

dummy420 posted...

I'm actually working on a cybersecurity bachelors degree now. How hard was it to break into? I have a tech background but not IT really.

I feel like I had an odd/unusual experience getting my first job. My college degree is in music. My only formal tech experience was the 3 month cybersecurity bootcamp, and had never worked an IT job. Got a job within a week of graduating but I was the only one in my class to get a job that fast.

If you get the rights certs, have a degree in cyber and can interview well/you know your shit, youll land a job quickly.

SlamVook posted...

Not really career related by how tall are you and how tall are you compared to your male co-workers?

Say there are 10 male coworkers in your direct department, which number would be you be height-wise?

im 61. No clue my coworkers heights. I work fully remote.

MFBKBass5 posted...

im 61. No clue my coworkers heights. I work fully remote.

so youre basically living the dream

is your salary decent ?

the_pika posted...

so youre basically living the dream

is your salary decent ?

70k as a contractor now but should jump to 90 base here in April once Im hired on direct. After bonus and stock options salary should be around $110k.

MFBKBass5 posted...

Yeah the amount of alarms on a daily basis is insane. I heard government cyber jobs actually pay lower than corporate roles.

I don't think government is too far behind most tech companies. It's only the giants like Google that make considerably more than state workers.

I can apply for positions like application development, SQL database management, Java development, network engineer, etc., with a salary range of $71k - 115k. And from there I can promote to more senior positions that make $116k - $139k.

So while I won't be hitting 200k+ like some of Google's IT positions, it's still decent pay.

NoxObscuras posted...

I don't think government is too far behind most tech companies. It's only the giants like Google that make considerably more than state workers.

I can apply for positions like application development, SQL database management, Java development, network engineer, etc., with a salary range of $71k - 115k. And from there I can promote to more senior positions that make $116k - $139k.

So while I won't be hitting 200k+ like some of Google's IT positions, it's still decent pay.

Yeah I work for one of those giants lol. Some of the upper level positions Ive seen nearly break 200. Its crazy. I dunno how I lucked into my job, but hey Ill take it lol

What kind of checks and balances are in place?

DCinGA posted...

What kind of checks and balances are in place?

checks and balances for what?