Hello devrant, I have a question:

What can you tell me about cybersecurity? is it worthwhile? I mean, could I get a nice job with it? Where should I begin to start learning about it?

  • 3
    Answering a question with a question:

    1) Where do you live?
    2) What do you want to do within cyber security?
    3) What do you already know?
  • 9
    It's one of those very specific kind of fields where you have to have passion and be very talented otherwise YOU are the security risk during the asessment. You can't be doing it just because there are big bucks to be made or because you just finished hardening your VPS according to whatever guidelines or online guide you found. You have to constantly research and learn about all kinds of trends because IT security usually has the widest scope of risk and new ways how malicious actors can bypass or abuse security grows every day. There is an immense amount of info to consume and even when a security vulnerability gets patched it doesn't go away because there are still millions of systems where this patch will never reach so the vulnerability will stay for years to come. You can specialize in just one field but you will quickly realize how you have to grow and expand. I'm not an IT security specialist but I feel like this is the occupation with the highest and most intense burnout risk
  • 1
    Oh, I see. I didn't know it was like that. thanks for the answer man
  • 2
    @Stuxnet I'm from Argentina and I clearly know nothing. I thought it was like a security work but I wasn't expecting it to be so complex
  • 6
    Reminds me of the "security expert" we had assigned to us from forgerock.

    SE: "These rules don't feel right because there's an odd number of rules. There are always even pairs of rules."

    Moi: "Wut?"

    SE: "There should always be a rule to deny and a rule to allow."

    Moi: "You want two-way rulesets? Seems like they'd cancel each other out."

    SE: "No, it's just how you do it *adds allow rule*"

    Moi: *gains access to system by exploiting rule*

    SE: "Wtf how?!"

    Tl;Dr *Magnets*

    Most of the security experts I've ever worked with are complete hacks, so I definitely agree. There's some brilliant humans in the field, few of them do pen testing for a living.
  • 2
    @theKarlisK ur answer helped me out, thank you pal :)
  • 1
    @SortOfTested I heard something similar from my colleague - we had an external contractor doing external vulnerability checks/scans and asked us (or rather told us) he needed IMCP for his tests, we whitelisted his IP after which he brilliantly deducted in his report that we allow our machines to respond to Ping and that's the vulnerability we're highly exposed to.
  • 1
    Everyone is a fucking home inspector ­čÜČ
  • 2
    @copyNinja @Axel1011111 don't shy away from the challenge tho. You can still go for it. I don't know your skillset or how talented you are. Maybe what seems complex to me comes naturally for you. Just be prepared that you will need to learn a lot, most of which can make sense only after studying related fields - you need to know a bit of everything. The more you know of everything the better you are positioned. Heck, maybe what took me a good while to wrap my head around will take 1/4th for you.
  • 1
    @Axel1011111 as for where to start - you will definetly need good knowledge of networking as basis, Sys admin course and programming are the two things to get you started. Everything else is will go into specialization and previously mentioned "related fields"... or to expand on the base knowledge.
  • 1
    @SortOfTested ok so that explains why the security team at my company has some real fucking winners on it
  • 3
    I have worked in cyber security and here are my 2 cents. Major thing you need for this field is Patience and a stable mind. No, I know this feels cliché... But I have worked as a Dev too and have felt that CyberSec is much more brain-tearing shit hits the fan. You spend hours on 100 tests to find 1 bug, while worrying every moment that you're missing something that can be exploited.
    Not all things are gloomy - passion is required.
    Suggestions - go to specific cyber sec field from a CS or IT background. Like, if you're a Web Dev move to Web App Sec... From IT move to SecOps... Like that. A solid industry knowledge of things you gonna protect helps.. Else you'll remain as a script-kiddie or tools-kiddie.
    CyberSec world moves very fast and you can't afford to stay not updated. There's no all-inclusive book you can read up, you have to follow various blogs, sites, forums, etc. It's demanding and it's fun when you're passionate about it.
  • 1
    @theKarlisK Thanks for the words KarlisK, and for the info. I'll definitely see what I can do.
  • 1
    Cybersecurity 101, someone breaks in, you're in trouble. You prevent a break in, nobody ever finds out.
Add Comment