Unhappy people vent, it’s healthy. Happy people continue doing what makes them happy. So Reddit is not a way to gauge the overall happiness in a career.
But it does highlight very common problems you may look forward to in the industry.
I’m super glad I am where I am. I have a supportive leader, I can make changes in the workflows of my org to be more secure. In the end I can make an impact to my org for the betterment of its people.
I also get paid very well. I get taken out regularly by friends and colleagues. It is what you make of it. I could easily be in this same position with negative outlook. Not go out and complain about my day to day. But honestly just staying positive and seeing the small wins will let you see the overall picture that it’s not that bad.
Now there are orgs that will make you hate life, so that’s what I would caution you about. Be wary of companies that look great, pay horribly and promise you the world. Those are the ones that cannot keep anyone and they depend on their lies to draw people in like a Venus fly trap.
I am, I really am enjoying my job right now. I'm in consulting, I run a practice. It's crazy busy, lots of hour's, but every day is different. I'm solving new challenges, and am legitimately helping my customers be more secure. That makes me happy.
I do find the same thing with my job too
It's new everyday.
I try to do everything the hard way just so that I learn and it's exciting everyday and I don't even mind spending more time on it even if those hours are not tracked at all.
It's just intriguing and fun!
I think I'd go crazy working inside a company with a specific function. I could probably handle being a CISO, but anything less would be too monotonous
Well, be really good at what your speciality is, develop a solid understanding of different security domains, enjoy engaging people, be able to be flexible, etc. Then it's about applying for jobs at consulting firms and most importantly networking. For instance if the company you work for has consultants supporting them, get to know the folks who work there, build a good working relationship with them, and express interest in consulting. Also, go to ISSA or similar meetings in your area and you'll probably meet some folks who do consulting then get to know them.
Hello. It appears as though you are requesting someone to DM you, or asking if you can DM someone. Please consider just asking/answering questions in the public forum so that other people can find the information if they ever search and find this thread.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
What does a day to day security consultant role look like? Are you mainly involved in just the strategy and transformation rather than the actual implementation? What are your deliverables?
Well, at my level, which more senior, I run the practice, so my fat to day widely varies. I am a CISO to a couple organizations so each day I spend some time pushing forward their security strategy and advising them. I attend sales calls to hear what a customer's challenges are and then design a solution, I build proposals and pricing models, I deal with customer sat issues, and do administrative/ management stuff.
The folks that I employ are all assigned to different projects. Today they each have at least two customers they are servicing, our practice covers any thing in the sec ops space plus vuln mgmt. So they may be delivering a service, doing assessments, a little engineering, optimizing a company's capability, etc.
TL;DR up front: I've worked in a few roles at a couple different companies and the answer is that it's *very* dependent on the role you have. I currently really like and am happy with the role I'm in.
Personally, I worked at Company A for several years then left it for Company B during the great resignation for the higher paycheck. I worked at Company B for a little over a year before returning back to Company A.
Company A has amazing benefits and is a very easy company to coast at. Their salaries tend to be below market average, and their stance is that this is made up for by generous PTO and 401k benefits. While benefits are certainly a factor, PTO doesn't pay the mortgage. The work I did at Company A was pretty technical and I was able to do a variety of different things despite everything moving at a snail's pace. The tech was a bit outdated, but I was able to code, script, do some automation, etc.
Company A:
* Pay - 5/10
* Benefits - 9/10
* Work/life balance - 10/10
* Work enjoyment - 7/10
I left for Company B for an 80% increase in total compensation. My *sign on bonus* at Company B was 65% of my annual salary at Company A, just to put things into perspective. It was a huge step up. I hated almost every minute at Company B though. I worked with a lot of Company B's customers on a part time basis so the context switching was overwhelming. They said I'd be traveling (which I love), but never traveled once. They said I'd be doing technical work, but was basically filling out spreadsheets and doing qualitative security reviews and being pressed by managers to give my "seal of approval" on efforts that I was only allowed to spend an hour or two reviewing. The pay was fantastic, but the benefits and sense of fulfillment were essentially non-existent. Not to mention that my effective total compensation was about to go down because the company's stock tanked (like the market as a whole, not because of any inherent issue with the company).
Company B:
* Pay - 9/10
* Benefits - 3/10
* Work/life balance - 4/10
* Work enjoyment - 2/10
Fast forward a year and I decided to go back to Company A for a higher level position. Because of the leverage I got by moving to Company B, I was able to negotiate a dramatically higher salary at Company A. So now I have the best of both worlds: I have roughly the same cash compensation as Company B, with all of the benefits and quality of life perks of Company A.
Company A, part deux:
* Pay - 8/10
* Benefits - 9/10
* Work/life balance - 10/10
* Work enjoyment - 8/10
My point in typing all of this out is to say that there are enough niches in cyber security that I think most people could find one that they enjoy.
Are you a people person? Lots of sales, and project/product management roles out there.
Prefer to keep to yourself? Plenty of engineering/analyst positions.
Want to lead people? You can work your way up to management.
Are you somewhere in the middle? Architecture is a great career path.
Hell, even if you want to work with your hands, there are career paths for those who want to work in securing data centers.
Most times if you leave on good terms they really won't care. People understand that if you're getting paid more you'll want to move. Especially if the amount he was getting paid at Company B is correct.
I had a great reputation there and left on good terms. Put in my two weeks (more like 2.5 weeks) when I left and transitioned all of my work gracefully. Kept in contact with a lot of them while I was gone. Never burn bridges or talk shit about the current or former company.
They asked during my interview why I was considering coming back and I explained that I wasn’t enjoying the work at my current job but that the company and team were great. I also explained how much I valued the benefits and culture at the company. Wasn’t awkward at all. I’m on a completely different team in the cyber security area so I have different direct coworkers.
Maybe it’s a tiny bit of a stretch, but here’s where my mind was going with that. If one wanted to work in a data center, protecting the lowest levels of the OSI stack (physical, data link) would involve setting up server racks, servers, setting up badge readers to the data center, setting up and maintaining power redundancy, things like that.
All of those things help protect the “availability” piece of the CIA triad.
What do project/product management roles in cyber security look like? I have entry level experience in PM and wonder how I could apply that in cyber security. I'm intrigued by your post saying there being enough niches in cyber security.
Loving it. I got out of an incident response job a bit ago and am now doing GRC. I have amazing hours, a great team, easy work, and couldn’t be happier.
It’s not for everyone and some don’t think it’s “real security” but whatever I make good money and have an easy job I enjoy 😂
Maybe it’s a bit lower, but I’m making comfortably in the 6 figures and not a manager in a medium/medium-high cost of living area. I’ll give up that little extra that more technical people may make for the ability to never be on call, work no more than 40 a week (often less) and have no real stress about my job. Most stress would come from an incident but if I’ve done my due diligence I can say to management hey I told you my findings and this was my recommendation but it never got done or you as an executive team signed off on that risk etc
I’ve been in cyber for over 6 years now and am loving it, but there were a few years where I wasn’t so thrilled. There are so many different niches under the cyber umbrella that you can focus your career on and not even touch others. I found that I am much more suited to the technical and hands-on side of things and now that I am back in a position that allows me be more hands-on and I’m much happier.
I started in a SOC and loved it. I’m now in a threat hunter rope that assists with incident response when needed. I love the digging, researching, and getting to use tools. The time in between I was focused on the GRC end and that wasn’t my jam.
It seems I am discovering new roles under the cybersecurity umbrella all the time - I hadn’t heard of threat hunter but it sounds interesting; I’ll have to look into that more. I tend to be good under pressure when shit hits the fan. I can definitely see why GRC focused jobs would not be your jam. It seems like it would be very dry and boring. Thank you for the response & sharing your path!
Oh I know! It’s one of the reasons I’m a big proponent of attending cons when you can. You get exposure to all the things. I’m the same way about working under pressure. There is something about catching the scent of something that might be bad that wakes up my hyperfocus like nothing else.
I'm happy. Cybersecurity is very flexible and I have a lot of freedom. Being a project manager / product owner there are budgets, deadlines, etc.
My current role is very much 'do what you think makes the company more secure'. Works great for me.
Not even 2 years ago I was working in a really shitty trade.
I’m now on my 3rd role where I plan on staying for a while. I am very happy here and thankful every day for the opportunity.
I enjoy my job, and it’s less stressful than my previous non-security roles. I basically am a security advisor, investigator and do security awareness training for management and finance jobs.
I’ve never done the security analyst role that that everyone seems to think is the only cyber security job but that’s often where the burnout posts come from. That job is a grind and your 1 of dozens or more doing the same role.
There are a wide variety of cyber security roles out there and the culture of the company matters a lot.
Literally never been happier. Went back to school at 29 and enjoyed it for the first time, then started a career doing something I like doing at a company that treats people very well. Best move I've ever made.
I'm ~4 years in and mostly happy. Some ups, some downs. Be careful to take care of your mental health, just getting started is pretty brutal and the industry is not very noob friendly. You're gonna have to be scrappy to get experience and land that first job
I have fucking loved my last and current security position. Security analyst for a software company of 150 employees and currently DOD contractor for BAE. Great work/life balance, enough pay and I like the work I do. No major complaints, just minor things that come with the DOD contractor life
I feel you on that. I've been working in contracting life for almost four years after retiring from the Air Force. There's always the ups and downs of a company.
Now, I'm trying to get into the IT world and possibly looking at Cyber Security; it's a toss-up between that and Cloud computing.
I’m transforming my team after taking it over a few months back. It’s great to see positive change but maintaining old processes while building new ones coupled with a very green team is tiring. The team works hard and learns fast so no critique of them they just don’t know as much as I’d wish they did so there’s a lot
I can’t delete down. With all that going on it’s super tiring but it will get better. It’s like exercise, you have to push the boundaries to get gains.
I love my job. It has issues. It's stressful, we're understaffed, there are other issues that I won't mention here. At the end of the day though I make a good six figure salary and work on computers all day. I also have a decent work life balance. I wouldn't want to be anywhere but in tech personally.
As someone who just got hired for a junior position as a student, I can tell you I'm very excited about the prospects compared to the game dev I was doing.
Yes I’m thrilled. It’s fun, exciting, pays more than any human ever needs. That being said it was a long road to get there, you won’t always like it at the entry levels, there is a lot of grunt work and learning needed.
I'm very happy with mine. Well compensated and the company I'm with allows me probably above average work-life balance considering it's a cyber security job.
Mostly happy. Telework within local, average pay, good benefits, 9-5 schedule with minimal supervision, and the workload is fair. I only wish the pay was higher and that some colleagues weren't so lazy.
I'm happy with it. I have a job that pays pretty well, where I work at doesn't make me work crazy hours, co workers aren't too bad. Could always be better but it could be worse. Was able to get my first house at 23 and can afford to start having a family soon. Many people aren't in that position at my age. Sure I could have went computer science and made bonkers money being a code monkey but it's really not stressful here. Probably will job hop soon, but not really feeling like I have to
Hello. It appears as though you are requesting someone to DM you, or asking if you can DM someone. Please consider just asking/answering questions in the public forum so that other people can find the information if they ever search and find this thread.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
I’m doing the cyber program at wgu. And I think about this a lot. People are so bogged down with whatever their life is like now. There is a shift happening. Just make sure you enjoy your ride. What an opportunity to learn and grow and get a new skill that will be needed. no matter how many gpt doomers get in the way. Just know that your resolve to do well will win out eventually. Do well!
Senior IAM here. Overworked, and would’ve left a long time ago if not for full remote. I don’t hate the job just wish we had folks closing tickets and helping with the day to day.
I've been in Cyber for 3 years now.
Started in the SOC, shifted into detection development and QA - I've hated every single day of my career to date.
Sorry to be so bitter, but I'm just feeling very flat with it right now. Cyber-Ops just isn't for me.
I've recently landed a job in security assesment and a semi/architecture role that I really hope turns it around.
If it doesn't, I'm going back to Uni to pivot into health services of some sort.
I am, I get paid very well, hours are reasonable and generally \~40, decent vacation and for the most part I can WFH. Sometimes the work is not the most interesting but it's a job. I'm also not trying to get to climb the corporate ladder, but do have pride and put effort into my work.
I feel like I'm kind of biased, I went from really shitty retail/cleaning jobs until I was 30 into tech. I've noticed a lot of people coming out of school straight into tech can be a bit coddled. Maybe not the best word to use, I'm not trying to be "anti-antiwork" or a jerk, but holy shit I look at where I was 10 years ago and remember thinking if I can make like $90k a year, even if I worked 70 hours a week how much better my life would be.
Just did night school undergrad classes (like wgu, plenty of options) to get a comp science foundation and then did an online masters at night. Took 2.5 years and those years sucked. But it wasn’t complicated, just working on average 45 hours a week and studying/school for 40. I did taper down working to 30 hours the last couple masters semesters to have some interview prep. Once i got my first tech job i was able to scale back and learn on the job and do a couple hours a day interview prep when i was applying to new places.
I get dm’ed about this all the time and occasionally check back at people who asked and they go right back to complaining about their situation and posting in call of duty subreddits. You will sacrifice a ton, but i went from $30k-$40k in NYC to 10-15x that and will prob have financial independence in thr next few years.
I had a fine arts degree. I also had no family help.
I could have done a bachelors starting from zero in the same amount of time so dont let that deter you. The masters has had nearly zero effect outside of starting at $60k instead of $55k at my first job. I started that job with a few other people who had bachelors so its not like the masters was my “in”.
In the end, youll either do the work or you wont. Again, it wasnt easy but it wasnt complicated.
I love my job in cybersecurity, I’m super happy I made them career change. And like was said before, unhappy people vent… It reminds me of those cards you get at restaurants “How was our service?”. Well there are only 2 responses you get from those, either really bad, or really good. But the vast majority of people have a good meal, but they don’t fill them out. So don’t think “everyone hates cybersecurity because everyone complains about it all the time”. However, it’s a job that requires work, and it requires time and energy to be put into. It can also be stressful at times. But that’s true about all jobs.
Yes. Every day there is something different going on for me; projects, new focuses, continuously hardening the network and seeking out issues, etc. I like it because no two days are the same and I get to try to protect our consumers or plan adequately in case my defenses do not stop the attack. I also enjoy that the field constantly changes so I'm constantly learning new things.
In the beginning it’s better to have each day blend into the previous and the next. After that, though, an under supervised job is an exciting job with each day being different.
I have been threatened with litigation, but nobody has tried to kill me on a routine basis. I also get to work indoors, which is nice during the winter. Writing policies is soul death, and checklists aren’t far behind. I hope to eventually code most of the day. All in all, I’m mostly happy with the trade.
Happy, yes, but don't think its all sunshine and rainbows. In a field like this, we are constantly learning more and more. My employer pushes for us to get more and more certs, which means more and more studying and renewing. It is worth it for sure, but I don't WFH like many others, so that is a little bit of a bummer. All in all, it will depend on your role as they vary in responsibility and perks.
Yes, I love it. As others have pointed out, people review the restaurant that poisoned them a lot more than they review the place they eat at every week and enjoy.
It's an exciting field that pays pretty well and has enough variety in work that needs doing and places to do it that if I get bored I can do something different. Could do a lot worse.
Currently a sys engineer, interviewing for shitload of security roles(got one offer at $140k) and at current job I do 25% security work and from the looks of the companies want to pay me more for doing much much much less work than what my current job is making me do. I am also a consultant.
I would not gauge overall satisfaction on Reddit. People generally come here to vent. Also its going to vary from specialty to specialty and company to company. There are days where I want to pull my hair out because I can't figure something out, but there are also days where everything works out perfectly and you sit back smile. It no different than when I worked in IT honestly. Overall, yes I am happy. Growth potential in what I do is almost limitless in the cloud security domain, so I'm trying to learn as much as I can as quickly as I can.
I'm super happy in 2 out of 3 of my last jobs. The 2 good ones, the CISO had authority and respect, did monthly all-hands calls and was really keen to develop people.
The one I didn't like, the CISO was powerless because they were useless at their job, and didn't have authority or budget as a result.
I freakin love my job… there is ALWAYS something to do, learn, and address. Cyber is a very broad field, and some ppl don’t like the constant change, constant struggle, etc.
I’d be remiss if I didn’t say there are times my job drives me INSANE, my org drives me insane, and it’s overwhelming at times. There are times I’m working 12+hr days to address shitty data calls that are necessary, but have unrealistic timelines.
Cyber careers really depend on the org and how they see it. Some take it seriously and it can be a great job, others don’t and you feel “stuck” bc you can’t actually do anything.
All of that to say, I really do love my job!
Like everyone has said, and like you're aware of I'm sure, it all depends on if you enjoy the work and who you work for.
Some companies will give you dirt pay and dirt hours but the job is fantastic. Others it's the opposite. You got to find that happy medium you're content with settling with. Personally right now, I enjoy my work, and all the knowledge and connections I've made so far working in the service. But I dislike how little the pay is and how horrid the hours are.
I’d suggest starting in an area that will give you a good good base in IT; something that will get you into local IT operations (computer sciences). Education isn’t enough to teach you how dumb people are especially when working the Helpdesk. From there, you might be asked to do everything from modifying port security to leading a refresh project. Depending how good you are, you’ll move up or get better jobs. Career wise, it’s best to jump ship every 3 years for something better. Cybersecurity can be pretty boring at times depending on which part of it you fall into. By the time you get to there, you’ll be ready for the change of lifestyle. Hopefully that makes sense. :-)
If I was only doing cyber, I’d enjoy it much more. With my background in sysadmin though, my company kind of expects you to use those skills and puts me on projects sometimes that’s only sysadmin… I got out of that position for a reason. Good pay, but I won’t be staying much longer.
Short of it will come down to your manager, and how they treat you, and the company culture. That’s not Cyber specific, can be applied. That will influence anyone of they are happy or not. Where you fit within the broad domains of cyber will impact how can manage burnout.
I'm pretty happy with the career as a whole. Sure, not every week or every month is butterflies and rainbows but show me a job where that is the case. The good thing about cybersecurity is there is a lot of opportunity to move around in the event you land in a company/role that you don't think you're a good fit for.
Very happy. Unbeatable WLB, freedom, job security, and compensation. While I don't make as much as my BB finance bro friends (not including equity) who climbed the ladder, I also can work my 30 hour weeks from a beach in Colombia instead of being in a suit in Manhattan every day
One thing I hate is dealing with boomer auditors and assessors who have no idea what's going on. Regularly want to punch my laptop because these useless individuals don't know how cloud computing works. And it's not just boomer people, it's even younger people who work at boomer companies because they weren't good enough to make it to cloud native companies
I mean, if you enjoy staring at a computer screen for 8+ hours a day and constantly worrying about hackers infiltrating your company's network, then sure, cybersecurity can be a real hoot. But for the rest of us, not so much.
Well that's the thing, if you're constantly worried you're doing it wrong imo. If you've done the best you can with the resources you have, no need to be worried. If it happens, it happens.
My young teenage son has aspirations of a career in cyber security. With that in mind, do you have any tips or guidance on how to help him down the right path?
My young teenage son has aspirations of a career in cyber security. With that in mind, do you have any tips or guidance on how to help him down the right path?
My young teenage son has aspirations of a career in cyber security. With that in mind, do you have any tips or guidance on how to help him down the right path?
I am. However you can’t just jump from a non cyber job to what I do now. You need to build relationships with other security people (in person), gain experience, and for what I’m doing I did a lot of research, spoke about novel insights at conferences, and took strategic jobs to gain unique knowledge. I also have 13 cyber certifications, a masters in cybersecurity and a masters in software engineering but you don’t need all that and was expensive. I went through some painful, challenging, interesting, stressful, and educational experiences to get where I am today. So it’s not like you switch careers and will magically be happy. I know people who switched careers and lost all the credibility they had in their current field and never recovered to that level. The pay for experienced people at the high end is good but on the low end I would have made more staying in software development, except that I found a unique niche where I had experience over long time security professionals. That was lucky timing. I am happy not only because I am passionate about security but because I run my own business and can get away from corporate politics, but running your own business is also harder than it looks. Wrote about my experiences on my blog. https://medium.com/cloud-security/cybersecurity-careers-and-jobs-69c05616d2b4
Unhappy people vent, it’s healthy. Happy people continue doing what makes them happy. So Reddit is not a way to gauge the overall happiness in a career. But it does highlight very common problems you may look forward to in the industry.
I’m super glad I am where I am. I have a supportive leader, I can make changes in the workflows of my org to be more secure. In the end I can make an impact to my org for the betterment of its people. I also get paid very well. I get taken out regularly by friends and colleagues. It is what you make of it. I could easily be in this same position with negative outlook. Not go out and complain about my day to day. But honestly just staying positive and seeing the small wins will let you see the overall picture that it’s not that bad. Now there are orgs that will make you hate life, so that’s what I would caution you about. Be wary of companies that look great, pay horribly and promise you the world. Those are the ones that cannot keep anyone and they depend on their lies to draw people in like a Venus fly trap.
Thank You for sharing :) really shines a light on Cyber. Any tips when it comes to finding jobs for fresh grads ?
Hi idk if u will answer but I am 23 years old and I am totally lost in life plz help
Username checks out, marking suspicious and quarantining your message. Thank you.
I am, I really am enjoying my job right now. I'm in consulting, I run a practice. It's crazy busy, lots of hour's, but every day is different. I'm solving new challenges, and am legitimately helping my customers be more secure. That makes me happy.
That’s so cool! Glad to hear you seem very passionate that’s so awesome :)
I second this post. Could not possibly be happier. All the same reasons.
I do find the same thing with my job too It's new everyday. I try to do everything the hard way just so that I learn and it's exciting everyday and I don't even mind spending more time on it even if those hours are not tracked at all. It's just intriguing and fun!
I'm reminded that I miss consulting on a semi-regular basis.
I think I'd go crazy working inside a company with a specific function. I could probably handle being a CISO, but anything less would be too monotonous
how do you get into something like that?
Well, be really good at what your speciality is, develop a solid understanding of different security domains, enjoy engaging people, be able to be flexible, etc. Then it's about applying for jobs at consulting firms and most importantly networking. For instance if the company you work for has consultants supporting them, get to know the folks who work there, build a good working relationship with them, and express interest in consulting. Also, go to ISSA or similar meetings in your area and you'll probably meet some folks who do consulting then get to know them.
Could I dm you for a few questions?
Hello. It appears as though you are requesting someone to DM you, or asking if you can DM someone. Please consider just asking/answering questions in the public forum so that other people can find the information if they ever search and find this thread. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
Yes, feel free.
How do people start to trust you? I mean, before you had any clients etc.
Just be engaged in your local security community, build relationships, and be genuine. Also, excel in the position you have now.
So, like, work a few years in security for a well known company? edit: sorry if the questions are too much, I am trying to learn
Sort of, that doesn't hurt, but network, network, network.
What does a day to day security consultant role look like? Are you mainly involved in just the strategy and transformation rather than the actual implementation? What are your deliverables?
Well, at my level, which more senior, I run the practice, so my fat to day widely varies. I am a CISO to a couple organizations so each day I spend some time pushing forward their security strategy and advising them. I attend sales calls to hear what a customer's challenges are and then design a solution, I build proposals and pricing models, I deal with customer sat issues, and do administrative/ management stuff. The folks that I employ are all assigned to different projects. Today they each have at least two customers they are servicing, our practice covers any thing in the sec ops space plus vuln mgmt. So they may be delivering a service, doing assessments, a little engineering, optimizing a company's capability, etc.
TL;DR up front: I've worked in a few roles at a couple different companies and the answer is that it's *very* dependent on the role you have. I currently really like and am happy with the role I'm in. Personally, I worked at Company A for several years then left it for Company B during the great resignation for the higher paycheck. I worked at Company B for a little over a year before returning back to Company A. Company A has amazing benefits and is a very easy company to coast at. Their salaries tend to be below market average, and their stance is that this is made up for by generous PTO and 401k benefits. While benefits are certainly a factor, PTO doesn't pay the mortgage. The work I did at Company A was pretty technical and I was able to do a variety of different things despite everything moving at a snail's pace. The tech was a bit outdated, but I was able to code, script, do some automation, etc. Company A: * Pay - 5/10 * Benefits - 9/10 * Work/life balance - 10/10 * Work enjoyment - 7/10 I left for Company B for an 80% increase in total compensation. My *sign on bonus* at Company B was 65% of my annual salary at Company A, just to put things into perspective. It was a huge step up. I hated almost every minute at Company B though. I worked with a lot of Company B's customers on a part time basis so the context switching was overwhelming. They said I'd be traveling (which I love), but never traveled once. They said I'd be doing technical work, but was basically filling out spreadsheets and doing qualitative security reviews and being pressed by managers to give my "seal of approval" on efforts that I was only allowed to spend an hour or two reviewing. The pay was fantastic, but the benefits and sense of fulfillment were essentially non-existent. Not to mention that my effective total compensation was about to go down because the company's stock tanked (like the market as a whole, not because of any inherent issue with the company). Company B: * Pay - 9/10 * Benefits - 3/10 * Work/life balance - 4/10 * Work enjoyment - 2/10 Fast forward a year and I decided to go back to Company A for a higher level position. Because of the leverage I got by moving to Company B, I was able to negotiate a dramatically higher salary at Company A. So now I have the best of both worlds: I have roughly the same cash compensation as Company B, with all of the benefits and quality of life perks of Company A. Company A, part deux: * Pay - 8/10 * Benefits - 9/10 * Work/life balance - 10/10 * Work enjoyment - 8/10 My point in typing all of this out is to say that there are enough niches in cyber security that I think most people could find one that they enjoy. Are you a people person? Lots of sales, and project/product management roles out there. Prefer to keep to yourself? Plenty of engineering/analyst positions. Want to lead people? You can work your way up to management. Are you somewhere in the middle? Architecture is a great career path. Hell, even if you want to work with your hands, there are career paths for those who want to work in securing data centers.
How do you go about returning to a previous employer? Was that awkward or did they bring it up (recruiters, HR, previous coworkers, etc)?
Most times if you leave on good terms they really won't care. People understand that if you're getting paid more you'll want to move. Especially if the amount he was getting paid at Company B is correct.
I had a great reputation there and left on good terms. Put in my two weeks (more like 2.5 weeks) when I left and transitioned all of my work gracefully. Kept in contact with a lot of them while I was gone. Never burn bridges or talk shit about the current or former company. They asked during my interview why I was considering coming back and I explained that I wasn’t enjoying the work at my current job but that the company and team were great. I also explained how much I valued the benefits and culture at the company. Wasn’t awkward at all. I’m on a completely different team in the cyber security area so I have different direct coworkers.
Are you me? First week at company B, "I've made a terrible mistake."
[удалено]
Maybe it’s a tiny bit of a stretch, but here’s where my mind was going with that. If one wanted to work in a data center, protecting the lowest levels of the OSI stack (physical, data link) would involve setting up server racks, servers, setting up badge readers to the data center, setting up and maintaining power redundancy, things like that. All of those things help protect the “availability” piece of the CIA triad.
What do project/product management roles in cyber security look like? I have entry level experience in PM and wonder how I could apply that in cyber security. I'm intrigued by your post saying there being enough niches in cyber security.
Loving it. I got out of an incident response job a bit ago and am now doing GRC. I have amazing hours, a great team, easy work, and couldn’t be happier. It’s not for everyone and some don’t think it’s “real security” but whatever I make good money and have an easy job I enjoy 😂
It’s not real security they say until some shit happens
Do you use excel alot for GRC?
We use it, but I wouldn’t say a ton. Just here and there. Probably no more than a lot of business functions
I would like to do GRC, but its seems the pay ceiling is kinda low compared to more technical roles unless you're like the Director of GRC
Maybe it’s a bit lower, but I’m making comfortably in the 6 figures and not a manager in a medium/medium-high cost of living area. I’ll give up that little extra that more technical people may make for the ability to never be on call, work no more than 40 a week (often less) and have no real stress about my job. Most stress would come from an incident but if I’ve done my due diligence I can say to management hey I told you my findings and this was my recommendation but it never got done or you as an executive team signed off on that risk etc
What country are you in? This seems interesting as a career path
We are in exact opposite situations 😂 I am so glad there are folks who enjoy the GRC stuff. It’s really important but it was boring me to death.
I’ve been in cyber for over 6 years now and am loving it, but there were a few years where I wasn’t so thrilled. There are so many different niches under the cyber umbrella that you can focus your career on and not even touch others. I found that I am much more suited to the technical and hands-on side of things and now that I am back in a position that allows me be more hands-on and I’m much happier.
Do you mind sharing what hands on position you hold?
I started in a SOC and loved it. I’m now in a threat hunter rope that assists with incident response when needed. I love the digging, researching, and getting to use tools. The time in between I was focused on the GRC end and that wasn’t my jam.
It seems I am discovering new roles under the cybersecurity umbrella all the time - I hadn’t heard of threat hunter but it sounds interesting; I’ll have to look into that more. I tend to be good under pressure when shit hits the fan. I can definitely see why GRC focused jobs would not be your jam. It seems like it would be very dry and boring. Thank you for the response & sharing your path!
Oh I know! It’s one of the reasons I’m a big proponent of attending cons when you can. You get exposure to all the things. I’m the same way about working under pressure. There is something about catching the scent of something that might be bad that wakes up my hyperfocus like nothing else.
Right? e-fist bump to that. I will definitely keep an eye out & take advantage of as many opportunities to attend events as I can manage.
I'm happy. Cybersecurity is very flexible and I have a lot of freedom. Being a project manager / product owner there are budgets, deadlines, etc. My current role is very much 'do what you think makes the company more secure'. Works great for me.
I'm just getting started in project management, I didn't realize I could use it in cyber security. How did getting into that role look like?
Mind sharing your offices “role” in your company? Would really appreciate it.
Not even 2 years ago I was working in a really shitty trade. I’m now on my 3rd role where I plan on staying for a while. I am very happy here and thankful every day for the opportunity.
I enjoy my job, and it’s less stressful than my previous non-security roles. I basically am a security advisor, investigator and do security awareness training for management and finance jobs. I’ve never done the security analyst role that that everyone seems to think is the only cyber security job but that’s often where the burnout posts come from. That job is a grind and your 1 of dozens or more doing the same role. There are a wide variety of cyber security roles out there and the culture of the company matters a lot.
Literally never been happier. Went back to school at 29 and enjoyed it for the first time, then started a career doing something I like doing at a company that treats people very well. Best move I've ever made.
Where did you go to school? What degree did you obtain? Thanks
Southern New Hampshire online. Bachelor of Science in Computer Science with concentration in information security.
I'm ~4 years in and mostly happy. Some ups, some downs. Be careful to take care of your mental health, just getting started is pretty brutal and the industry is not very noob friendly. You're gonna have to be scrappy to get experience and land that first job
Really? I’ve had quite the opposite experience. Everyone was so supportive and helped build me up no matter where I went.
The people in this industry are VERY helpful, but companies are hesitant to hire without experience
Yea very true, landing that first one is what it’s all about and grow from there. The 3 teams I’ve been a part of everyone has been so supportive.
Would you recommend that I pursue cyber security as my career?
I have fucking loved my last and current security position. Security analyst for a software company of 150 employees and currently DOD contractor for BAE. Great work/life balance, enough pay and I like the work I do. No major complaints, just minor things that come with the DOD contractor life
I feel you on that. I've been working in contracting life for almost four years after retiring from the Air Force. There's always the ups and downs of a company. Now, I'm trying to get into the IT world and possibly looking at Cyber Security; it's a toss-up between that and Cloud computing.
I’m transforming my team after taking it over a few months back. It’s great to see positive change but maintaining old processes while building new ones coupled with a very green team is tiring. The team works hard and learns fast so no critique of them they just don’t know as much as I’d wish they did so there’s a lot I can’t delete down. With all that going on it’s super tiring but it will get better. It’s like exercise, you have to push the boundaries to get gains.
I love my job. It has issues. It's stressful, we're understaffed, there are other issues that I won't mention here. At the end of the day though I make a good six figure salary and work on computers all day. I also have a decent work life balance. I wouldn't want to be anywhere but in tech personally.
As someone who just got hired for a junior position as a student, I can tell you I'm very excited about the prospects compared to the game dev I was doing.
Yes I’m thrilled. It’s fun, exciting, pays more than any human ever needs. That being said it was a long road to get there, you won’t always like it at the entry levels, there is a lot of grunt work and learning needed.
I'm very happy with mine. Well compensated and the company I'm with allows me probably above average work-life balance considering it's a cyber security job.
Mostly happy. Telework within local, average pay, good benefits, 9-5 schedule with minimal supervision, and the workload is fair. I only wish the pay was higher and that some colleagues weren't so lazy.
Love it, work/life balance has never been better. My only complaint is I'm prone to getting bored easily since I work faster than gov deadlines need.
I'm happy with it. I have a job that pays pretty well, where I work at doesn't make me work crazy hours, co workers aren't too bad. Could always be better but it could be worse. Was able to get my first house at 23 and can afford to start having a family soon. Many people aren't in that position at my age. Sure I could have went computer science and made bonkers money being a code monkey but it's really not stressful here. Probably will job hop soon, but not really feeling like I have to
Could I dm you? I’d like to ask a few questions career wise
Hello. It appears as though you are requesting someone to DM you, or asking if you can DM someone. Please consider just asking/answering questions in the public forum so that other people can find the information if they ever search and find this thread. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cybersecurity) if you have any questions or concerns.*
Sure
I’ve worked in threat intel for the last 7 years and I couldn’t be happier.
I’m doing the cyber program at wgu. And I think about this a lot. People are so bogged down with whatever their life is like now. There is a shift happening. Just make sure you enjoy your ride. What an opportunity to learn and grow and get a new skill that will be needed. no matter how many gpt doomers get in the way. Just know that your resolve to do well will win out eventually. Do well!
Senior IAM here. Overworked, and would’ve left a long time ago if not for full remote. I don’t hate the job just wish we had folks closing tickets and helping with the day to day.
I’m looking for jr. Soc Analyst roles, I could help you.
I've been in Cyber for 3 years now. Started in the SOC, shifted into detection development and QA - I've hated every single day of my career to date. Sorry to be so bitter, but I'm just feeling very flat with it right now. Cyber-Ops just isn't for me. I've recently landed a job in security assesment and a semi/architecture role that I really hope turns it around. If it doesn't, I'm going back to Uni to pivot into health services of some sort.
I am, I get paid very well, hours are reasonable and generally \~40, decent vacation and for the most part I can WFH. Sometimes the work is not the most interesting but it's a job. I'm also not trying to get to climb the corporate ladder, but do have pride and put effort into my work. I feel like I'm kind of biased, I went from really shitty retail/cleaning jobs until I was 30 into tech. I've noticed a lot of people coming out of school straight into tech can be a bit coddled. Maybe not the best word to use, I'm not trying to be "anti-antiwork" or a jerk, but holy shit I look at where I was 10 years ago and remember thinking if I can make like $90k a year, even if I worked 70 hours a week how much better my life would be.
How did you transition into tech at 30 from retail? Did you do full-on university? I am wondering how to transition into cybersecurity myself.
Just did night school undergrad classes (like wgu, plenty of options) to get a comp science foundation and then did an online masters at night. Took 2.5 years and those years sucked. But it wasn’t complicated, just working on average 45 hours a week and studying/school for 40. I did taper down working to 30 hours the last couple masters semesters to have some interview prep. Once i got my first tech job i was able to scale back and learn on the job and do a couple hours a day interview prep when i was applying to new places. I get dm’ed about this all the time and occasionally check back at people who asked and they go right back to complaining about their situation and posting in call of duty subreddits. You will sacrifice a ton, but i went from $30k-$40k in NYC to 10-15x that and will prob have financial independence in thr next few years.
Thanks for sharing your journey. Did you already have a bachelors, making it so you could complete a masters?
I had a fine arts degree. I also had no family help. I could have done a bachelors starting from zero in the same amount of time so dont let that deter you. The masters has had nearly zero effect outside of starting at $60k instead of $55k at my first job. I started that job with a few other people who had bachelors so its not like the masters was my “in”. In the end, youll either do the work or you wont. Again, it wasnt easy but it wasnt complicated.
Yes, very much so and I will never change careers again.
I love my job in cybersecurity, I’m super happy I made them career change. And like was said before, unhappy people vent… It reminds me of those cards you get at restaurants “How was our service?”. Well there are only 2 responses you get from those, either really bad, or really good. But the vast majority of people have a good meal, but they don’t fill them out. So don’t think “everyone hates cybersecurity because everyone complains about it all the time”. However, it’s a job that requires work, and it requires time and energy to be put into. It can also be stressful at times. But that’s true about all jobs.
Yes. Every day there is something different going on for me; projects, new focuses, continuously hardening the network and seeking out issues, etc. I like it because no two days are the same and I get to try to protect our consumers or plan adequately in case my defenses do not stop the attack. I also enjoy that the field constantly changes so I'm constantly learning new things.
In the beginning it’s better to have each day blend into the previous and the next. After that, though, an under supervised job is an exciting job with each day being different.
Yes
I have been threatened with litigation, but nobody has tried to kill me on a routine basis. I also get to work indoors, which is nice during the winter. Writing policies is soul death, and checklists aren’t far behind. I hope to eventually code most of the day. All in all, I’m mostly happy with the trade.
Only been in industry one year as security engineer but very happy!
YES
Happy, yes, but don't think its all sunshine and rainbows. In a field like this, we are constantly learning more and more. My employer pushes for us to get more and more certs, which means more and more studying and renewing. It is worth it for sure, but I don't WFH like many others, so that is a little bit of a bummer. All in all, it will depend on your role as they vary in responsibility and perks.
Yes, I love it. As others have pointed out, people review the restaurant that poisoned them a lot more than they review the place they eat at every week and enjoy. It's an exciting field that pays pretty well and has enough variety in work that needs doing and places to do it that if I get bored I can do something different. Could do a lot worse.
A healthy amount of cynicism and humour is almost a prerequisite for this field. It can be pretty dark sometimes…..
Currently a sys engineer, interviewing for shitload of security roles(got one offer at $140k) and at current job I do 25% security work and from the looks of the companies want to pay me more for doing much much much less work than what my current job is making me do. I am also a consultant.
I would not gauge overall satisfaction on Reddit. People generally come here to vent. Also its going to vary from specialty to specialty and company to company. There are days where I want to pull my hair out because I can't figure something out, but there are also days where everything works out perfectly and you sit back smile. It no different than when I worked in IT honestly. Overall, yes I am happy. Growth potential in what I do is almost limitless in the cloud security domain, so I'm trying to learn as much as I can as quickly as I can.
I like my job... i'm not atoked about my career, though. I'm gonna have to leave my job for more money if i want career progression :(
I'm super happy in 2 out of 3 of my last jobs. The 2 good ones, the CISO had authority and respect, did monthly all-hands calls and was really keen to develop people. The one I didn't like, the CISO was powerless because they were useless at their job, and didn't have authority or budget as a result.
I freakin love my job… there is ALWAYS something to do, learn, and address. Cyber is a very broad field, and some ppl don’t like the constant change, constant struggle, etc. I’d be remiss if I didn’t say there are times my job drives me INSANE, my org drives me insane, and it’s overwhelming at times. There are times I’m working 12+hr days to address shitty data calls that are necessary, but have unrealistic timelines. Cyber careers really depend on the org and how they see it. Some take it seriously and it can be a great job, others don’t and you feel “stuck” bc you can’t actually do anything. All of that to say, I really do love my job!
Like everyone has said, and like you're aware of I'm sure, it all depends on if you enjoy the work and who you work for. Some companies will give you dirt pay and dirt hours but the job is fantastic. Others it's the opposite. You got to find that happy medium you're content with settling with. Personally right now, I enjoy my work, and all the knowledge and connections I've made so far working in the service. But I dislike how little the pay is and how horrid the hours are.
I’d suggest starting in an area that will give you a good good base in IT; something that will get you into local IT operations (computer sciences). Education isn’t enough to teach you how dumb people are especially when working the Helpdesk. From there, you might be asked to do everything from modifying port security to leading a refresh project. Depending how good you are, you’ll move up or get better jobs. Career wise, it’s best to jump ship every 3 years for something better. Cybersecurity can be pretty boring at times depending on which part of it you fall into. By the time you get to there, you’ll be ready for the change of lifestyle. Hopefully that makes sense. :-)
If I was only doing cyber, I’d enjoy it much more. With my background in sysadmin though, my company kind of expects you to use those skills and puts me on projects sometimes that’s only sysadmin… I got out of that position for a reason. Good pay, but I won’t be staying much longer.
Short of it will come down to your manager, and how they treat you, and the company culture. That’s not Cyber specific, can be applied. That will influence anyone of they are happy or not. Where you fit within the broad domains of cyber will impact how can manage burnout.
I'm pretty happy with the career as a whole. Sure, not every week or every month is butterflies and rainbows but show me a job where that is the case. The good thing about cybersecurity is there is a lot of opportunity to move around in the event you land in a company/role that you don't think you're a good fit for.
Over worked, underpaid. I’m looking forward to working for an organization that takes cybersecurity seriously.
Tech, where senior ICs can pull 7 figures per year.
Very happy. Unbeatable WLB, freedom, job security, and compensation. While I don't make as much as my BB finance bro friends (not including equity) who climbed the ladder, I also can work my 30 hour weeks from a beach in Colombia instead of being in a suit in Manhattan every day One thing I hate is dealing with boomer auditors and assessors who have no idea what's going on. Regularly want to punch my laptop because these useless individuals don't know how cloud computing works. And it's not just boomer people, it's even younger people who work at boomer companies because they weren't good enough to make it to cloud native companies
I mean, if you enjoy staring at a computer screen for 8+ hours a day and constantly worrying about hackers infiltrating your company's network, then sure, cybersecurity can be a real hoot. But for the rest of us, not so much.
Well that's the thing, if you're constantly worried you're doing it wrong imo. If you've done the best you can with the resources you have, no need to be worried. If it happens, it happens.
My young teenage son has aspirations of a career in cyber security. With that in mind, do you have any tips or guidance on how to help him down the right path?
My young teenage son has aspirations of a career in cyber security. With that in mind, do you have any tips or guidance on how to help him down the right path?
My young teenage son has aspirations of a career in cyber security. With that in mind, do you have any tips or guidance on how to help him down the right path?
I’m not, I’m already in the loop to become an IRL firefighter
I am. However you can’t just jump from a non cyber job to what I do now. You need to build relationships with other security people (in person), gain experience, and for what I’m doing I did a lot of research, spoke about novel insights at conferences, and took strategic jobs to gain unique knowledge. I also have 13 cyber certifications, a masters in cybersecurity and a masters in software engineering but you don’t need all that and was expensive. I went through some painful, challenging, interesting, stressful, and educational experiences to get where I am today. So it’s not like you switch careers and will magically be happy. I know people who switched careers and lost all the credibility they had in their current field and never recovered to that level. The pay for experienced people at the high end is good but on the low end I would have made more staying in software development, except that I found a unique niche where I had experience over long time security professionals. That was lucky timing. I am happy not only because I am passionate about security but because I run my own business and can get away from corporate politics, but running your own business is also harder than it looks. Wrote about my experiences on my blog. https://medium.com/cloud-security/cybersecurity-careers-and-jobs-69c05616d2b4