Good money yes, but i have engineering, game development, general programming, and audio analysis background. I figure though since these are all not very profitable, limited and don't bring as much enthusiasm as i once had to them that cybersecurity is a realistic role with goals i could strive towards with passion. Currently no work place i have found has allowed me to do so with good pay, job security and consistent work.
I agree with your comment from top to bottom and I am actually in the process of learning some sort of marketable CS based skill set… cybersecurity seems right up my alley and it’s only getting more important to secure infra against cyber attacks, so those people will paid very well I reckon!
Having spent the last few years in a hybrid role ranging from security practitioner, to curriculum designer, and educator, I'd say that cybersecurity has the luxury of being both a challenging and enjoyable career field.
As far as 'good career choice', I can't accurately respond to that without knowing what a good career looks like for you. That being said, if we use # of openings + starting salary as metrics... it does look like a promising career. CSOOnline predict 3.5 million unfilled jobs in cyber by 2021
(https://www.csoonline.com/article/3200024/security/cybersecu...).
I'd recommend taking a look at https://www.cyberdegrees.org to figure out what roles interest you and the experience / certifications that will help you get there. Additionally, if you are looking for materials to read/learn/practice hands-on activities in security, I'll share the (constantly growing) list I've curated: https://www.exeltek.net/accesscyber.
Feel free to reach out with any specific questions you might have, and best of luck!
I echo this. I was also interested in cybersecurity through CTFs. I also do a bit of bug bounties in my spare time. But i've sort of come to the conclusion that cybersecurity as a career isn't that great in general, most roles are just administrative or compliance types from what I've seen. But then I again I have seen opportunities with sort of smaller boutique security firms that mainly focus on exploit research, but for those it feels like they're looking for more specialist knowledge.
I have been in the Cyber Security Industry for the last 17 years. I have worked for large Tech Companies.
Since I and my children like to eat and no one left me any kind of large inheritance, money is a factor. If you feel that it is not important then there will be many opportunities for you to utilize your new skills after completing your studies.
My wife who is an expert in her field has spent time helping companies in a certain industry implement massive new systems. While on her many stints in Canada (GTA) she has noticed that there is an extreme level of under employment. CS Engineers from UofW working for 52k a year doing administrative type tasks. One Gentleman who had a MCS from UofT was earning a salary in the low 60's doing tech support for a system. In comparison I was earning over 6 figures in 2005 working as an Cyber Security Specialist. These are just a few examples and there were many more.
I envy you that you are able to live a care free life where money is not a factor in your pursuit of knowledge and survival. There will be many employers from you to choose from if this is the case.
Bingo. I'm not talking about "cybersecurity" positions. I'm talking about people doing advanced work in exploitation, reverse engineering and cryptography on a consulting basis or those who work in boutique shops.
I pass the $300k mark annually through AppSec consulting, and this is not at maximum utilization, nor is it a particularly "hard" discipline in security.
Like all things, different niches attract different people. There's a market for cyber security and if you're well-versed and highly qualified, you could certainly make as much, if not more, than a software developer. Of course, we could get into the cynicism of how corporations view cyber security professionals (i.e. as someone to blame when something goes wrong, despite not listening to their cyber security employees because it would hurt their quarterly earnings), but that's tangential.
When I was 18-20 I was also passionate about infosec. But I liked development more and infosec didn't seem at that time a domain that is very easy to find employment and gain money.
My advice: Start your own cybersecurity company. No one will hire you for any IT position. So you need to create your own. A niche that isn't being addressed is cybersecurity offerings targeted to small nonprofits. You'd make a killing.
Next time go to software engineering if money is a priority but you still seek the intellectual challenge.
Cybersec pays well earlier than software engineering does, but you meet glass ceilings quite rapidly. Once you get really good at what you do, software engineering is where the real reward is.
Alternatively, if you don't mind focusing on a single product, becoming an expert in any commercial software that costs at least 1m$ to integrate in large companies will land you a high paying salary guaranteed with a tenth of the effort you'd need for software engineering or cybersecurity.
Did you have a background in cybersec beforehand, or just as a software engineer? Cybersecurity interests me, but no background in it (beyond being a senior engineer with a fair amount of cloud experience, and the security stuff you'd be expected to know as one)
the money is ok/ good in the field I've choosen, so moving would mean a decrease in money,
I do work with a lot of cybersec people and boy are they under a lot of pressure with badly designed applications - saying that it's amazing how many of the sec people do not even bother with learning the very basics eg like how TLS really works
Unless you’re going the vulnerability/malware research, reverse engineering, or something equally specialized don’t paint yourself into a corner and limit your options with over specific signaling.
And realize that the above are tough roles to get paid for. There aren’t many of them, you have to have intense technical skills across many domains to be effective. All things considered you are unlikely to be able to make as much money as a developer (with just a little business savvy) putting in the same amount of effort.
Don’t get me wrong, I’m still an old hacker at heart and infosec has a lot of amazing aspects of it. It is one of the last holdouts of the old community-driven cultures around computing, but know what you’re getting into with open eyes. Recruiters and businesses have been working hard to commoditize it for years, and will continue to. In addition it’s been a “hot” job track for a while now, similar to “devops” a few years ago, so you’ll find a lot of folks in it without a particular interest or understanding beyond the surface level resume fodder.
Apart from the fact that it's pretty much impossible to find a job in cybersecurity unless you have some wanky certifications.
When I was younger I tried to break into that world and it was pretty much impossible. Companies I contacted to notify them about their security flaws seldom replied (and when they did, it was never to thank me)
On the other hand, I could always find buyers for exploits in alternative markets, or credit card numbers, or rooted servers.
My moral compass prevented me from going too deep into that stuff, but I know people who ended up setting DDoS -for-cash services, etc. (and they/we were just kids !)
I get it that you're trying to sell courses here, but come on...
I wish these supposed jobs existed when I finished my degree for going into cybersecurity, unfortunately EVERY "entry level" job required 3-5 years experience. It's probably exactly the same today. Now I work in electrical engineering, because the position requested (not required) a background in IT and my hobbyist experience was enough to satisfy the rest of the requirements.
I didn't -- I actually hit my first cybersecurity company straight out of a math degree. It was a firmware security thing, so I spent a lot of time outside of work learning about linux, device drivers, etc. and programming. That's to say -- diving in is surely possible. I'm now at my second cybersec company in a totally different part of the field.
The best part about running a cybersecurity company: lots of easy, free marketing. It's a really good time to be in the industry. It is unfortunate that people are trusting companies to protect their information and it ends up being really hard to do properly. Every able-bodied security engineer really should get in the game since there's money to be made as well as good to be done.
I told my son repeatedly that if he ever wanted a secure and high paying job it coukd be in cybersecurity. We aren't going back to less dependence on networks, and we are putting more and more valuable assets and operations on those networks, which will need to be protected. Although, I suppose ut is possible that computer security could move into the automsted sphere....
reply