Cybersecurity is Overhyped (it's not reality as a career)
Ghostery Browser Extension: mygho.st/grant
⏰ Timestamps:
0:00 - Introduction
1:00 - security careers are not all about hacking
2:48 - here's reality
3:43 - security is also a culture issue
4:00 - My Thoughts on Ghostery (it's free)
5:22 - buzz, trends, and surface-level info
6:05 - security is hard work
6:30 - How to Navigate the Hype
🔗 Links
@HackerSploit Video: • Stop Trivializing Cybe...
Dee Boo Dah Store (join the movement): www.deeboodah.com/
🐕 Follow Me:
Twitter: / collinsinfosec
Instagram: / collinsinfosec
Cybercademy Discord Server: / discord
🤔 Have questions, concerns, comments?: Email me: grant@cybercademy.org
🎧 Gear:
Laptop (Lenovo X1 Carbon Ultrabook 6th Gen): amzn.to/2O0UfAMMonitors (Dell D Series 31.5” D3218HN): amzn.to/2EXlgRFKeyboard (Velocifire VM01): amzn.to/2TEswfdHeadphones
(Audio Technica ATH-M40x): amzn.to/2F4Tvq6Standing Desk (FlexiSpot Height Adjustable 47 inch): amzn.to/3p3uSAa
90% of cyber security is convincing other people why they shouldn't be dumb. The other 10% is convincing yourself you're not dumb.
don t get it
You’re hired
@@jejejejajaja3966 Lots of imposter syndrome. Lots of research all the fucking time. Plus keeping up with constant changes to security best practices and renewing certifications like a CISSP.
Lol
This is a great career option for Aquarius people
I totally agree. I was "influenced" that you need to know kali linux, wireshark, Splunk in order to get into the cyberspace. I literally had blinders on for a year thinking I need to be technical. People say you need to know your OSI model - yes you should know your OSI model, if you're in a department that needs it. I just obtained an Internship, and it is the complete opposite of what influencers envision cybersecurity. Cybersecurity as a whole is the protection of a service or organization which means a lot of meetings, collaborating with different teams, thinking bigger picture, and projecting where your company will go. There are departments like an internal / external SOC, Triager, IR, CTI. These departments do exist - but do not think that these are the only ones. In fact, these are a few of many inner pieces of a company. I just wanted to shed some light. To people getting in, dont limit yourself with the technical stuff. YES they are good passion projects to show companies that you are interested in the field, but don't go thinking that is exactly what you'll be doing for your 1st job. If you've applied for a specific job (i.e SOC) and want to look at network packets all day as your first "entry" job - the chances are slim. Same for certifications - whatever influencer you follow that told you to get sec+, CCNA, A+ are right. However, know that certification does not equal job ready. Maybe (CCNA is), but for the most part HR just put that in as a requirement. I have my Sec+ and so far, I haven't actually implemented the terminology into my workday. Be open, be communicative, and be willing to learn. Thats all I have to say. Keep grinding, keep applying, but know that cybersecurity is more than just technical red teaming. rant over yall
People into reverse engineering do not need kali linux....
I had the exact same experience you did ! Since I also interned in the IS dept., specifically cybersecurity group, I was mind-blown to find out it wasn’t all technical, most of the stuff we worked on was reviewing and analyzing cybersecurity terms & conditions which requires some technical knowledge but no technical application really, which was surprisingly pretty fine for me.
Agreed. Although it very much depends which cyber security team you work in. Some are very technical while others are more burocratic/ process oriented. Everyone on my team is RHEL certified except for me, but my manager has asked me to get certified for audit and compliance purposes.
People are schizophrenic on Kali. One half will tell you it's the greatest thing since teenage sex, while the other half will tell you it can't be trusted because you didn't compile the tools and don't know who built any of it. But people who don't work in the industry dabble with Kali and think they're some nation state Anonymous shit.
Knowing splunk is so huge m8
Wow, what a disappointment! I thought I'd be dressed in all black, wearing high speed hi-tech comm gear, breaking into a highly secured building in the dead of night to hack the file system of a high value target and then being extracted off the roof via a helicopter. Back to the drawing board for me.... But in all seriousness, I'm glad you addressed this Grant because a lot of what I see presented in the field is the red team "rah rah" attack/pentester side of things. Personally, I'm more intrigued by working in a SOC as a malware analyst. Those video views are far less juxtaposed to the red team content for sure!
I mean u can do the first part if u want😂
😂
If you aren't head to toe tacticool, how am I supposed to trust you to reset my password?
You forgot the guy fawkes masks
I'm a Red Teamer and the new BT guys doesn't know malware analysis yet so I do it haha
CISO checking in. "Cybersecurity" these days is a very broad term and is more than just hacking which seems to be what most of this video is targeting. There is security risk and compliance, third party risk, security operations, security architecture, security engineering, devops security engineering, just to name a few outside of hacking. It is challenging field but who wants a brainless and easy job? The pay is high and one can often work remotely. There aren't enough people in the industry. It's an excellent field. The threats are always evolving.
This is exactly my point. Hacking isn't the only career in cybersecurity, as many new students like to believe it is.
There are various and a myriad of domains in security with such vast areas it's not even funny.
Hey man, can I lend your brain and knowledge a bit and talk about Cyber Security plus everything that goes with it? I'm wanting to get into that field!
Id like to get into cyber sales, something extremely people oriented!
@@collinsinfosec the hacking side is the most entertaining and plausible unless youre just into corporate/ law stuff
If I could give advice to myself when I joined Tech, I would say 2 things. The first is, every company is different. The way your first company configured a domain controller, or collected logs, ran table top exercises etc: doesn't necessarily mean it was done the best/right way. It was done in a way that solved a problem for them at the time. Rarely in technology departments are systems designed long term, they are usually designed because of an urgent need. Learn to live and die by best practice, but understand there is times when that isn't going to fly. There is never a time to tell someone I told you so. The second lesson I would tell myself, is when in meetings with people who instill confidence, and clearly know what they are talking about, double your focusing on listening. Just don't wait for your turn to talk. Try to understand the concepts, ask questions, and be dialed in. There is a lot of nuances in cyber security that you can only understand if you are really dialed in every single day.
Programming is exactly the same. Everyone thinks it's ping-pong tables and free lunch, but there is a huge emphasis on project management and people skills. Those skillsets are more important to your job security than being a great programmer.
Well said Grant, a good dose of reality to the people who are wanting to get into Cyber.
This is so true, my masters classes were pretty much Kali Linux all day long and when I got to corporate they told me that's only available up north in DC area and a small part😤. Needless to say I was disappointed. But it's all good. Live and learn
As an engineering student in a much different domain but interested in computers and security in his free time I have to say I really appreciate your realistic approach. I’m just sick of flashy overhyped content going after clicks with buzzwords. So thank you for the videos Grant
Happy to help :)
Which domain? Civil?
What engineering branch are you studying? Industrial? Mechanical?
You think cyber security is overhyped? Just look at AI and machine learning :D
@@KulwantSingh-xr4si mainly mechanical
You're transparency and humility just earned my subscription. Gracias amigo!
I knew your channel was worth subscribing to, thank you for your honesty, time, and effort.
found your channel 1 video ago, this is my 2nd and I'm so happy that I found you :D I love the quality of your video content and your philosophy or approach to things, especially the perspectives.
Great content all around! My favorite part of this video is you taking accountability for "almost" falling into the false marketing approach as well. I agree with everything you said. Some "known" content creators are not doing a good enough job of properly guiding individuals that wish to enter the space. And those that are - lack the viewership they deserve.
The ex hacker from prison will most likely never be allowed to touch another computer during his entire life
A lot of “cyber security” is just company IT policy and enforcement. It pays well if you work for the DoD and have certificates.
I'm working an internship this summer in InfoSec and I've been shocked at how little college has prepared me for the real world in InfoSec, you learn the basics of all the tools and Linux and all that in school which is all essential and very good to know, but once you get there you end up just using vendors and enterprise level tools that you've never heard of that do a lot of the dirty work for you unless you are a pen tester or red team...even then there are red team tools out there that automate testing your security controls. But one of the big aspects I've never heard of in InfoSec until I got a job in IS, is threat intelligence and threat hunting, before this job I had minimal if any knowledge on what that's all about. Though if I'm being honest it's really intriguing.
I am also in an internship this summer in cybersecurity and agree with you. A lot of what I have learned so far has not been taught at my university.
@@kalebworku2127 bro Please drop your telegram or Discors id here so that we can connnecr please
How'd you get your internship? Was it remote or in-person?
Such an important message. Thank you!
Trust me when you're in a security consulting company doing all types of assessments, Pentesting, Red Teaming, Purple Teaming, you really won't get much time to research. You mostly get a 50 hours assessment. The only time you get to do some research is during the downtime. If you are good at what you do and you put in effort to learn new stuffs and if you actually manage to break into the industry, you can do most of these things. And yes reporting is one of the most important things when it comes to consulting.
I agree. Behind the glamor is a lot of hard work and frustration. Many days that have nothing exciting at all.
2 main areas: Defensive and offensive. Like an R6S game. Attacking an area (offensive) while being like a server. Defensive, penetration testing to test your defensive. The also in defensive, building your DNS or strengthening your proxy to prevent people penetrating into your servers or what ever you are protecting.
Yes buddy i even so i was searching for proper content from past 5 years when i was in 10th grade but 80 percent of videos are just focused on hype .
Just a few months ago I got a security engineer job and it did also open my eyes to how the day to day really is on a higher level. I agree with every bit and you hit some very good points. SOC work is fun to me with analyzing incidents and even finding ways to automate on a SOC level. But with my engineer role I find it way more fun and pleasing building infrastructure and tools rather than the glorified pen tester side. I believe people need to find there NAC in what they like within the umbrella that cybersecurity is.
I share similar opinion with you! I’ve been an analyst, did a pentest, now an engineer as well and I enjoy it much more. Sticking to path of engineering and architecting solutions
Can I become a security engineer right out of college with internship experience
I'm an appsec engineer. I do a little bit of pentesting. But I've started to notice that I really like building tools and getting the networking aspects to all work in-tandem. Solving a problem or providing a security tool and documenting the architecture of everything. For the past 5 years, I was on the "pentester pill". I never thought I would enjoy the engineering aspect of IT, more specifically for security related stuff.
@@reshaudmiller9908 I became an associate security engineer right out of college but I had a very unique internship experience where I had the opportunity to deploy an enterprise-wide security tool that positively benefited the entire organization so I became an easy sell to senior management. With that being said, definitely ask your hiring manager if you can continue the internship remotely/part-time when you continue your studies the following school year.
@@jarednealeigh1553 thanks
Take the CISSP to really understand what a mile wide, inch deep means. Red teaming is 1% of the overall cyber ecosystem.
CISSP seems like it was also written just to be hard to understand what they are even asking.
"Take the CISSP"? Do you want to let everyone know what the requirements are for even taking the CISSP? The CISSP is a piece of paper. Want something that will show skill? Get the OSCP.
@@z00k almost like they serve completely different roles.
@@z00k get comptia a+ the only professional certificate in the market. you will learn how to hack into computers just with a screwdriver
@@robbirobson7330 Maybe I'll go into industrial tech and just get certified to use professional saws
Agreed. Red team is a very small sector of the cyber landscape. Accurate representation is necessary.
Yes BUT again its the most fun
Thank you soo much this video helped me making a big choice in my future job
Well.. I've been a truck driver for 12yrs and currently getting a cert through ISC2. I'm not sure how far that will get me, but it's a start. Really hoping I grow in this field. I want this, bad
Hey congrats man!
I got my first security job about a year ago and it is a lot different than what I thought it was going to be but I do enjoy it but I'm mainly doing patch management fun lol
get paid bro, save money and reinvest, that's it, videos like these just discourage.
This is a good message for people. Thanks
It's hilarious that Collin's youtube page wallpaper is him doing "ls" on his duo monitor.
Thank you soo much , highly appreciated
My girl has been in cyber security for years. She's a higher up now makes tons of cash and can't write a single line if code. Coding is not needed for this role in reality.
Cybersecurity isn't a role though. Also general programming knowledge is definitely needed in roles concerning anything that's gonna require you to automate, build upon, or create something.
what role does she have?
Just found your channel through YT suggestion...glad it did. So, I've been doing IT stuff for the better part of 20 years and I can see the 'overhypeness' of CyberSecurity for sure. I cannot count how many times I've heard people complain about not understanding why they even need to understand fundamentals and when can they start hacking all the things. Everyone wants to hack everything, no one wants to spend the many hours writing SOPs. 😆 Love the work.
What is sop?
@@qwrt102 Standard Operating Procedures
I work in cybersecurity and I have little to no technical skills or knowledge. But I can write, speak well and make problems understood by executives.
How’d you get a job? What did you go to school for
Totally agree with you, today there's plenty of areas within cybersecurity where people can work in without knowing it all. Also agreeing on the BS, I'm super tired of companies trying to sell me another snake oil solution, while you have amazing FOSS projects that do the same for free. I love two statements in your video: security is also a culture issue and is hard work, that's sums it well. As someone who works on protecting, you need to make sure everything is safe, while attackers must find one meaningful vulnerability, is tiresome.
Hahahaahha the thumbnail had me dying. I often get called out on my perplexed faces when troubleshooting some stuff, this is so accurate it hurts 😂
I kind of figured that there was a lot of bull with the way some people presented cybersecurity. At my age I am just wanting to do something where I can make a living with what is between my ears a bit more than having a strong back. A back that isn’t so strong anymore. The investigation part is what seems neat to me. Tracking the bad actors to their den that and taking them down is more like what I have done in the past just with a swat team and not a keyboard. That and after being a Paramedic for 30 years I want a desk job.
An analyst position would be perfect if you’re looking towards an investigation side. Yeah Incident Response might be end goal but CyberSec Analyst gets you a lot of from the ground up experience. I’m in a Threat Detection sector and part of my job is skimming through phishing emails employees get from day to day figuring out different ways threat actors conceal phish. The amount of tools I’ve learned in only a month is just insane and it’s what really counts in the industry.
@@EdinPuthy May I ask what advice/certifications/experience you recommend in order to acquire a Cyber Analyst job? It sounds like something I would like to do. I am switching careers from Registered Nursing. I have a Bachelor's of Science in Nursing.
@@thatfishbreeder First I would go for an A+ certification. Shows you have general knowledge in IT. Then start with help desk positions. It’s really hard to get into cybersecurity right out of the gate so you need to build up experience. I’m in my senior year in cybersecurity and have been working help desk jobs for over a year. Fields services positions are good too. Cybersecurity teams look and see that a candidate can understand basic IT skills but use them in a security perspective.
@@EdinPuthy Thank you so much. This is excellent advice! I am currently studying for my planned A+ 1101 exam in September. I also am planning to get a Help desk position as soon as possible. Can I ask about the field position? What is that position called on an online job search? Do you feel like having that experience plus certifications is adequate for a cyber analyst position?
@@thatfishbreeder on a job search they’re usually called IT Field Service Technician. A lot of what they want is customer service experience with basic understanding in IT they normally teach you what you need to know you just have to be willing to learn. It might take a couple of years to get enough experience to be qualified for something in IT Security but I think it would be doable. A really good option would be to look for a company that has a cybersecurity team that you have an in with.
I literally love the thought of sitting all day doing tedious work. I'm weird but it's what I'm looking forward to and hoping for. I am stating to feel better that my chances of getting that type of work in the beginning are good
Very good video it has been a long time since i saw your video
Welcome back!
I absolutely love this video and the honesty. Great work and keep it up : 💖
Thank you :)
"You work with people". I really dont see how this could be used as a disadvantage of cyber security when I can count on my hand the number of jobs where you never interact with people. Classic "water is wet".
😂tru
12 hour a day entry level Cyber employee here. Spot on
You're probably the only youtuber that uses the most realistic video thumbnails.
A few years ago I worked in IT for a small company. A few months in we hired a Cyber security guy and he ended up sitting next to me in our cubicle department so I would witness his daily life. Really great guy but boy, was he stressed out every day. He was up every night getting paged for cyber alerts on our systems. Then he would come into the office and the head of our IT would constantly pull him into meetings with execs, engineers, Dev ops guys. Then he would be slammed throughout the day with tickets for systems needing patches, compliance updates. So much bullshit. He ended up leaving after about 5 months to a better shop but it def made me realize cyber security is not a fun job.
...this is good content...I work for a DoD agency as a project engineer....each major section of the organization has adopted a cyber group...you're right...it's a lot of hype...talk, talk, talk...sometimes I feel like I'm listening to Alan Greenspan..."I know you think you understand what you thought I said..." Policy-driven...inserting requirements into every project...the main thing I hear is "who is the owner"...basically, it's driven around obtaining mutual consent that when something breaks, who's to blame, and who's going to pay for it...Thanks Much...;-)
I agree with everything in this video! People these days look like something but they lack substance, smh.
I got the idea to make a career out of computers because of cybersecurity, but the more I got into it, the more I realized I didn't like using things in their non-intended way, I enjoyed creating things and fixing things back to their original intention. Have a nice career in IT now and learning little bits of Javascript as well.
You should become software or web developer if you like creating things virtually. But if you hate staring at the computer most of the time while creating stuff, you should become a hardware developer.
Great video 👍
Thank you!
Step 1: Get job in cyber security. Step 2: Watch out for the hype. Step 3: Ride the hype.
I been using Ghostery for years now. I have not dug to far into it, in fact it is pretty easy just to set it up and forget about it, but it seems to work good actually.
thank you so much for being real
Thanks very insightful
The hype part is the “Hacking”. people have to realize it’s a ton of research & digital forensics behind cybersecurity including risk mitigation/incident response & SIEM monitoring . I love the blue team aspect but the engineering side is where I live & breathe.
Well, they should know that if they are in the field of cybersecurity, then they aren't "Hackers" in the first place. Hackers are people like Richard Stallman, Tim-berners Lee, Dennis Ritchie, Aaron Swartz. People who believe that information and software should be free. They wouldn't be working for the benefit of corporations and government on proprietary software in the first place.
@@jamesdickerson6726 they are hackers tho, "hacker" does not equal a criminal or an activist, there are different types of hackers, and one of them, do, in fact, work in the cybersecurity field
@@Sarah-rd5zg wrong. A hacker has a particular mindset. Freedom of information and an open internet. Individual liberty. These are the foundation of the web, open source, gnu/linux. Hackers don't work to actively oppose these principles. They work to promote them. The government and corporations have appropriated the hacker mindset for their own agenda. Spying, espionage, proprietary software, reducing options, and corruption are the exact opposite of what it means to be a hacker.
🤓☝️ ummm aCkchelley wRoNNg
It's not that deep lil bro
Cybersecurity is what you make of it, I love it.
sir, when you read this comment, I totally agree with your view of how cybersecurity is so totally overhyped. Report writing, working with people, knowing the fundamentals sir. You nailed it. See through the hype sir. Good job
Thank you brother.
I am intererested in getting into Cybersecurity. But feel I need more info regarding this potential career. One thing I learned is that, there are no easy jobs in this world. Even sales related work is highly stressful dealing with people everyday. Probably will need to really enjoy the work to thrive.
I've been a software engineer for 12 years now, cutting code from the front-end all the way through to server and DB and understanding everything in between. I considered moving into security but after doing some research into this switch, I realised that being a developer allows me to be my own 'artist' - im as limited as my imagination and can start up my own gig. Being a security analyst or a related role, require you to be employed mostly and you're limited by the set of tools you use. It just doesn't feel as unlimited as being a dev does. Also - im from the UK and earning potential is around £50-100k for most senior dev jobs.
Hello i hope you have a good day , i wanted to ask you some questions. 50k a month ? as a freelance or employee ? as a dev or team leader ?
@@marwenhammami9575 50k a year.
@@marwenhammami9575 50k/hr, obviously.
@@tydal6516 😂
I have been waiting on someone to call those turds out for A WHILE 🪬🤔💯 NICE Grant 🚫🧢
Cybersecurity…where you will be told by an auditor with no experience in Cybersecurity or IT everything you’ve done wrong , and management believes them.
Thanks for sharing
Hey Grant Just came across your channel and I'm a big fan of your realistic approach. Im a beginner with absolutely no knowledge of IT or Tech and I'm considering a career in Chinese. Do you have a course that I can follow?
Video stopped moving @1:22 Hacked.
How to get a job in cyber security in the US: 1) Have a basic understanding of network administration. 2) Have a family that passes the NSA profile check three generations deep.
So basically don’t, because my day is an immigrant with a record. Got it. 😂
I mean, you could always black hat your way into a plea deal gig lol
@@MrJballn hahahahaha
@@MrJballn woahhh lol
So what you are saying is im going to school for no fucking reason 💀 im about to finnish up my general ed went ahead and got that outa the way first to think about what to do thought about doing IT but id prob only do my associates tbh
Cybersecurity Engineer work or the DoD type Information Systems Security Officer is mostly administration. It is NOT what I had pictured. I wanna just go back to networking now.
blue teaming gets plenty of traction but also is more about the business and best practice side of things which generally inst as interesting. Some of the sources you put out who talk about red teaming also talk blue teaming. The thing is what you say is the number one issue we have: The focus on trying to make the money without even having the general interest.
so do you NOT recommend getting into cybersecurity?
this is why i am not interested in the "hacking side"/pentest roles like over burnout/stress , no flexibility , can be boring , always being paranoid staying 24/7 on the latest cyber news even on off days not if this just for hacking or its just cyber sec as a whole and all the other things/subfields ???? .This is why i am switching to or want to do cloud sec engineering or software engineering seems less stressful
I think especially if you don't have a security clearance.
I’m been a controller/finance and want to switch over to cyber security. I’m 56 years old. I know anything is possible but interested in your thoughts.
Not sure why I didn't get to see this video a long time ago. I could at least send this to people who were desperately trying to get into this field. I've been in this industry for over 12 years and people actually do not believe that half my job is negotiating stuff with people for all the controls which I've to design and implement. The only saving grace and your sanity holding by a thread is a regulatory body. Without them, people would be scream and kick and ensure that there are no process or tech involved in solving any security problems. A lot of the useless "techfluencers" have messed up security for everyone. Keep doing the good stuff.
I know this isnt everything in a job... buuuut pay is not to bad especially out of college
depends on what your specific job is
if cybersecurity is about experience and hands on then it's cheaper to recruit ex hackers from prison than from university.
You didn't get the point. Cyber security is never about hacking. in fact, it is the opposite. it is about Defense. that is what the guy is explaining. I studied years about cyber security is hacking is just 1% of the security. 90% of the jobs available are about defense. If you go the actual company, it may have about 100 guys working on defense and may have 2 to 5 working on the other side.
It’s very boring sifting through tons of logs
What do you think of Fullstack academy? Im going through a 12 week bootcamp for cybersecurity. I was told it was like basic networking, coding, some pentetration( if i spelled that right), and cyber analyst. I just hope its worth getting certifications, im still new and learning the cybersecurity broad world, i think what i really want to do in the cyber world is investigation type cybersecurity. Anyone have any advice? Edit: nevermind. I feel discouraged because now I don’t know what to look for and do in terms of certifications and schooling. If the job doesn’t entail what I’ve learned then whats the point?
Great video, Grant! I was part of the hype, in a way, but I kind of knew we weren't going to be wearing masks, dressed in black, etc.. to this day it is funny to see adverts to cybersec courses or hacking courses with the typical guy dressed in a black hoodie, typing those enigmatics green letters into a black screen, being all mysterious. haha anyway, your video is pretty necessary still.
thank you for finally being honest, not like one of those generic Insta posers that just want an audience!
i just got my major in Cyber Security omg
There is a lot of BS in CyberSec field because every non-technical recruiter/HR person is recruiting for Cybersecurity. People working in cybersec industry hv varied backgrounds. Some were network engineers 2-3 yrs ago so they donot have a complete overview of different areas of security, some non-technical ppl directly entered in Cybersecurity by doing CISSP which gave them an overall idea of security topics but technically they dont hv the required expertise and are technically weak, some hv software engineering background and trying to enter security but hv no idea about hardware side of Cybersecurity. The Certifications introduced within last 2-3 years are so many that everyone is confused as which one to choose and which path to follow. This is the challenge. There is so much confusion in Job descriptions. HR is looking for a superman who knows everything and is expert in all kind of newly emerged technologies/platforms. This confusion will stay here in future aswell because more and more technologies and devices are coming in the market at such a fast speed.
This doesn't apply to just cyber security but programming in all industry. You won't be writing or creating complicated and elaborate apps or programs that will change the world. As a java developer that was working in an ETL team for citi Bank, my first job was to write a couple of loggers or add a couple of fields in
Hey i really need to know maybe its off topic. I àm getting into networking and cloud computing. Is there growth in networking jobs? I really just spent a ton of money on a course
You should make a podcast .
Man you’ve been staring at the screen to long. Those crazy eyes are coming out
It’s technical and Analytical by nature! You must do the research to provide cyber Aid, yet sometimes it’s just setting up layers on security apps and config settings to mitigate potential Or inevitable Threats! This is not a shock it’s always been much more than red team hacking and cracking that you see on TV.
I mean you say this but my first job was web vulnerability assessment where I was effectively literally hacking all day. Currently I'm a red teamer and do the whole shebang - penetration tests, physical security, social engineering. It is effectively hacking all day except for of course report writing etc which can't be helped. So yes not all of cyber security is about offensive side and hacking, but the way you present it makes it sound like that's not a thing that happens - indeed you put in your title "it's not reality as a career". For me it absolutely is reality, I do spend most of the day sending malware, searching for and exploiting vulnerabilities and misconfiguration s, poking round file systems etc. It absolutely can be reality as a career provided you go down the right path. If you pick SOC or security engineer etc then yeah that won't be happening but do an offensive type job and it will
Nowadays there’s automated tool that do penetration testing, vulnerability management, and instant forensic analysis with beautiful GUIs.
I would caveat your comment. Its unusual(not impossible) to start in a pen testing position at entry level. There are some positions out there but most from what I've seen want you to have some breadth of experience. If you have a clearance the chances are more likely.
@@nelauren Uh yeah imma be real this means nothing. The role still needs to be filled by a person and is still a wanted position.
@@blvckl0tcs750 I didn’t say otherwise.
Can you give an honest assessment on WGU to see if its worth time? All my searching and I cannot see if it full teaches a person what they need.
Thanks so much, this is a really helpful video! I am considering machine learning/AI now as I was stuck between cybersecurity and that
As a ISSO that wants to lean more to pentesting I assure you RMF/GCRC is boring and complicated. Alot times dealing with project management and other stakeholders a lot of compliance and auditing.
My plan is just to base on Cybersecurity laws and policies and am hopping to be fine on the industry. Indiana University offers Cyber-laws and policies.
Interesting video. It’s obvious to me the cyber is rarely ever pentesting. I would imagine though, that alot of people do watch mr robot and think that’s how the industry is lol
Then you find out the top brass are conducting nation state apt hacks on other countries. Then they look the other way and claim they arent.
im taking the cisco networking academy cybersecurity career pathway im hoping i get something out of this i have no idea where to start learning so i can tap into the industry
how did that go? or is going?
at one moment, i thought my screen my freeze XDXD
I think a lot of what people think Cybersecurity is, boils down to marketing.
Adam Jensen... 'Deus Ex Guy' is the job we are looking for
The other issue I have with this field is that the job market is HORRENDOUS. So many big wig company's posting "entry-level" positions that require 10 years of experience in IT and between 2 and 5 expensive af certifications. I have a love/hat relationship with cyber security.
I have two questions on the subject: 1- In 10 years, can AIs replace or take over many vacancies in cybersecurity? 2- Do you think doing comptia+, NDE, DFE, cloud+ would already be enough certifications to enter the market as a junior? what salary to expect?
So is it worth going through with these degree program grant? like WGU and Purdue global?
It really just depends. I think you could go either way and be successful. I do typically advise students get their degree if they are 18 years old, it helps with the "credibility" (getting you past the HR filter).
Can you mention which online sources to follow
Any advice to break into this career?
Is cybersecurity good to learn to protect a personal business website?
Finally, someone being truthful