Stuxnet6359689d
Answering a question with a question:
1) Where do you live?
2) What do you want to do within cyber security?
3) What do you already know?
It's one of those very specific kinds of fields where you have to have passion and be very talented, otherwise YOU are the security risk during the assessment. You can't be doing it just because there are big bucks to be made or because you just finished hardening your VPS according to whatever guidelines or online guide you found. You have to constantly research and learn about all kinds of trends because IT security usually has the widest scope of risk, and new ways how malicious actors can bypass or abuse security grow every day. There is an immense amount of info to consume, and even when a security vulnerability gets patched it doesn't go away, because there are still millions of systems where this patch will never reach, so the vulnerability will stay for years to come. You can specialize in just one field, but you will quickly realize how you have to grow and expand. I'm not an IT security specialist, but I feel like this is the occupation with the highest and most intense burnout risk.
Axel10111116789d
Oh, I see. I didn't know it was like that. Thanks for the answer, man.
Reminds me of the "security expert" we had assigned to us from ForgeRock.
SE: "These rules don't feel right because there's an odd number of rules. There are always even pairs of rules."
SE: "There should always be a rule to deny and a rule to allow."
Moi: "You want two-way rulesets? Seems like they'd cancel each other out."
SE: "No, it's just how you do it *adds allow rule*"
Moi: *gains access to system by exploiting rule*
SE: "Wtf how?!"
Most of the security experts I've ever worked with are complete hacks, so I definitely agree. There are some brilliant humans in the field; few of them do pen testing for a living.
@SortOfTested I heard something similar from my colleague - we had an external contractor doing external vulnerability checks/scans who asked us (or rather told us) he needed ICMP for his tests. We whitelisted his IP, after which he brilliantly deduced in his report that we allow our machines to respond to Ping and that's the vulnerability we're highly exposed to.
@copyNinja @Axel1011111 don't shy away from the challenge tho. You can still go for it. I don't know your skillset or how talented you are. Maybe what seems complex to me comes naturally for you. Just be prepared that you will need to learn a lot, most of which can make sense only after studying related fields - you need to know a bit of everything. The more you know of everything the better you are positioned. Heck, maybe what took me a good while to wrap my head around will take 1/4th for you.
@Axel1011111 as for where to start - you will definitely need good knowledge of networking as a basis. A sysadmin course and programming are the two things to get you started. Everything else will go into specialization and the previously mentioned "related fields"... or to expand on the base knowledge.
RikaroDev14788d
I have worked in cyber security and here are my 2 cents. The major thing you need for this field is patience and a stable mind. No, I know this feels cliché... But I have worked as a Dev too and have felt that CyberSec is much more brain-tearing shit hits the fan. You spend hours on 100 tests to find 1 bug, while worrying every moment that you're missing something that can be exploited.
Not all things are gloomy - passion is required.
Suggestions - go to a specific cyber sec field from a CS or IT background. Like, if you're a Web Dev move to Web App Sec... From IT move to SecOps... Like that. A solid industry knowledge of the things you're gonna protect helps. Else you'll remain a script-kiddie or tools-kiddie.
CyberSec world moves very fast and you can't afford to stay not updated. There's no all-inclusive book you can read up, you have to follow various blogs, sites, forums, etc. It's demanding and it's fun when you're passionate about it.
RANTSMCPANTS48588d
Cybersecurity 101, someone breaks in, you're in trouble. You prevent a break in, nobody ever finds out.