#CyberSecurity #IndustryInsights #CareerCuriosity
Hey everyone! 👋 Have you ever wondered what exactly cybersecurity professionals do on a daily basis? I’ve been diving into this topic lately and I’m curious to hear your thoughts!
From what I’ve gathered from various sources, cybersecurity experts:
– Implement security best practices to protect sensitive data 🛡️
– Deal with encryption techniques to keep information secure 🔐
– Monitor for any potential security threats or breaches 🚨
– Respond to and mitigate any security incidents that may occur 💻
I always thought these roles were more behind the scenes and less technical, but it seems like they play a crucial role in maintaining the security of companies’ digital assets.
However, I’m still left wondering – why are these roles so highly paid if they are mainly focused on monitoring and maintaining security protocols? 🤔 Do you have any insights on this?
Personally, I think the increasing need for cybersecurity and the potential risks associated with data breaches have made these roles invaluable in today’s digital world. But I’d love to hear your perspectives on this! 🌐 Let’s keep the conversation going!
I work at a large financial company and the cyber group is present in most projects and efforts. You need to get cyber sign-off for many production systems. Basically they watch to see that you are following good cyber policies and guidelines, such as having proper levels of encryption for different kinds of data, avoiding concentrations of risk where an intruder could gain access to like the entire company by compromising one system, etc. There are industry standards such as the “7 layers of cybersecurity”. There are products and systems that monitor activity and look for intrusions, anomalies, collect data on access, ensure it falls into satisfactory patterns, etc.
In my experience the actual people that I know that work in cyber security are technical enough to have technical discussions but not really engineers or architects, and they are honestly somewhat bureaucratic and write and enforce policies, like a small police force. I am in software delivery and they usually represent obstacles to me getting things done, I guess you could say they are necessary but are really mostly a headache.
In my experience, absolutely nothing. They run a script and generate reports, and don’t even read them or understand them. All of those scripts just link to publicly available information on known exploits.
At most companies I’ve been at, including my current one, they never do anything and just run bureaucratic stuff that prevents teams from actually accomplishing the job.
>How is that a multi-hundred thousand job on par with something like app development or data science? Genuinely asking, trying to understand here.
Best you get rid of that app development superiority complex, as little kids are creating apps these days. To answer your question very simply: without monitoring, a system can be compromised, leading to millions of dollars in damages, and there are numerous examples of this all over the place.
Run scripts, look at dashboards, and tell people “no” a lot.
Depending on the size of the company and the industry it’s in, there can be many different teams under the security umbrella (btw don’t refer to it as “cyber” if you interview for a security role lol, only linkedinfluencers do that). Some common teams and their purposes:
* Security Operations (typically people on this team will be called security analysts or incident response): This team is what most people think of when they hear “cybersecurity”. Mostly focused on detecting malicious activity, responding to security incidents, designing detections and alerts, etc. Can also involve running reports, gathering metrics, ensuring compliance. Less coding involved so less likely to have a software eng background, but as “detection as code” becomes more of a thing there is more code involved. “Detection and response engineer” has been a role I’ve seen more openings for in recent years.
* Compliance/Governance: Strictly focused on ensuring the company’s security controls are in line with compliance standards that the company needs to adhere to (for example: HIPAA if they deal with medical data, FEDRAMP if they sell to the government, etc). I’m less familiar with the day-to-day for this team, but my understanding is that coding is basically not involved. Sometimes this team will be under the legal department.
* Application Security (AppSec): This team is making sure the actual software made by the company is secure. This can involve code reviews to make sure that vulns aren’t introduced by poor coding practices, architecture reviews for services to find security issues with how a service is constructed, and management of vulnerabilities introduced by third party libraries. People on this team are frequently former software engineers.
* Infrastructure Security/Cloud Security: Primary focus is on the infrastructure that the company’s software runs on. This could be on-prem servers, but is more commonly cloud infrastructure (AWS/GCP/Azure) in recent years, which can include virtual machines, databases, networking config, etc. These teams, especially more modern ones, do frequently write code but it’s less likely to be in your typical programming languages and more likely to be in infrastructure-as-code languages (Kubernetes manifests, Terraform, etc). People on this team are frequently former infrastructure engineers.
* IT Security: Primary focus is making sure that the company’s assets are secure. This includes securing the networks at the offices, the laptops used by employees, and the various systems that employees need access to. I see this role a little bit less than I used to; I think a lot of the role is just being combined into the IT departments.
* Security Engineering: These teams are not as common, but they’re software engineering teams that build security tools and services for the company. This can include anything from security configuration scanning tools to authn/authz services in the company’s actual product. I’ve sometimes seen this role just be within the AppSec team, or just within the engineering department and away from the rest of Security.
* Data Security: I’ve only recently seen these roles. Very focused on security of data tools and practices, kind of a subset of infrastructure security.
* Offensive Security/Red Team/Pentesters: Most of the time this role is outsourced to third parties, but some companies have internal teams for this. Their goal is to find and exploit vulnerabilities in the company’s systems, then write up how they did it and assist in the remediation of said vulns. Like I said, I rarely see these roles, but when I do they’re frequently held by people with AppSec eng experience.
I’ve worked across a few of the different teams listed, and have collaborated with all of them; happy to answer questions on specific ones.
Check this out… https://www.blackhillsinfosec.com/prompt-zine/prompt-issue-infosec-survival-guide-second-volume/
I work in cybersecurity research.
At my current job, I study how cyber adversaries attack computer systems and networks and write code to detect and classify that kind of behavior for an endpoint detection and response product.
I also publish and give talks about my research.
Send fake phishing emails and yell at you when you commit keys to source code.
At my company they ban Outlook, make sure developers don’t have admin rights on their local workstations, and maintain a really dated list of allowed software that doesn’t include most dev tools.
You’re asking a question that is not answerable, despite what other replies say, because “cybersecurity” is not a job role.
Jobs in the fields of cybersecurity range across the entire set of job roles related to software engineering with additional roles around information security and assurance such as compliance, consulting and auditing.
The field is vast and highly specialized, and few roles can be filled by junior-level talent. Oftentimes people make their way to cybersecurity roles after some years in other jobs, including systems and business analysis, systems administration and operations, software development, penetration testing and malware research, and other specialties that fall within the field.