5 answers
557 views
What are the rewards and cons of Cyber Security? What does a normal day look like?
I am wanting to go into pentesting for cyber security.
Ann’s Answer
Embarking on a cybersecurity career can be both fulfilling and challenging. The benefits are numerous, including a lucrative salary, high job security, and the chance to continually grow and evolve as the technological landscape shifts. Moreover, it's a role that truly makes a difference, as your work directly enhances the security of your organization. Like any profession, it has its drawbacks, such as high-pressure situations, particularly during a cyber crisis. During these times, you may find yourself on standby for extended periods until the issue is resolved.
Being a penetration tester is a dynamic role with no two days being the same, as you'll face diverse scenarios. Nonetheless, there are common strategies to approach this role, akin to other jobs. The process begins with organizing your tasks, which includes understanding the scope of the project and gathering the necessary tools. Following this, you move to the execution phase where you test the scenarios and environments to pinpoint vulnerabilities and potential attack routes. After completing your tests, you'll scrutinize the results to comprehend how an attacker might exploit these weak points. This analysis is then condensed into a report that provides an overview and an appendix detailing the testing, proof of concept, and suggestions for improvement. Communication is a crucial aspect of the job, as you'll need to articulate your tests, findings, potential risks, and their solutions in simple language, considering that your audience may not always be tech-savvy.
Aman’s Answer
Hi Jay,
Great to hear that you're interested in getting into penetration testing! Cybersecurity, especially pentesting, comes with its unique set of rewards and challenges. One of the main rewards is the thrill of outsmarting malicious hackers and protecting information that truly matters to you and to the organizations you work for. You’ll have the chance to work on the cutting edge of technology; every day brings new challenges and learning opportunities. For instance, discovering and exploiting vulnerabilities can lead to a significant impact in an organization’s security posture, making you feel like a digital superhero.
However, it’s essential to acknowledge some of the downsides too. The job can become quite stressful at times; the stakes are high, and one mistake could lead to severe consequences for a company. Additionally, the continuous learning curve can be daunting—tools and techniques are always evolving—so you need to keep up with the latest trends and threats, which can sometimes feel overwhelming. You might find yourself spending long hours on reports, and there's often the pressure of tight deadlines to secure systems before they can be exploited.
A day in the life of a pentester typically starts with a review of client requirements and a quick briefing about the vulnerabilities that need testing. You might spend the morning running various testing tools like Metasploit or Burp Suite to identify weaknesses in systems. Lunchtime can often become a brainstorming session with team members about findings and strategies to fortify defenses. In the afternoon, you'll document results and prepare to present these to clients in a comprehensive manner, often suggesting ways to mitigate risks. It’s a mix of investigative analysis, technical skills, and effective communication, which keeps things exciting!
Best of luck as you embark on this journey—it’s a fulfilling career that offers plenty of chances to make a real difference!
Take care,
Aman
James Patterson’s Answer
Pros:
- No two days are the same. Each day brings new challenges, and you must be the type of person ready to rise to the occasion.
- There’s no such thing as a “know-it-all” in cybersecurity. Whether it’s incident response, application security, security operations, or penetration testing, no one knows everything. This field offers endless opportunities to learn and grow.
Cons:
- Cybersecurity incidents can happen at any time, and you must respond, no matter the day or hour. This can be particularly inconvenient when dealing with criminal hackers who often operate during holiday breaks. Cybersecurity is not a job, it's a lifestyle.
- In cybersecurity, there’s no such thing as being “done.” As soon as a new process or service is implemented, the focus shifts to process improvement and addressing emerging threats that may not have existed when the project began. A career in cybersecurity requires a commitment to lifelong learning and adaptation.
brian’s Answer
Thank you for your question and interest in learning more about this very specific job within the cybersecurity industry. Let me start by stating my opinion that there is a job role as a penetration tester, and then there is the task of penetration testing. I know many more individuals who perform penetration testing as a task (part of a broader job role). To give you an example, it is very common for a Security Consultant to perform a penetration test as a specific task when they are delivering a security assessment of a company / organization. That, however, would not be the only task the consultant is performing. Keep that in mind when reasoning over the following PROS / CONS.
PROS:
- intellectually stimulating tasks, when attempting to compromise a device, system or network, based upon known vulnerabilities or finding new vulnerabilities.
- a great way to learn about how devices, systems or networks are supposed to work.
- develop skills in the use of public domain and commercial penetration testing tools.
- develop scripting skills, to understand public domain exploit scripts, or develop your own, with automation of tasks in mind.
CONS:
- if this is the sole task of your role, it could become very mundane and boring, due to the repetitive nature of the task.
- it may also become frustrating, if you are unable to accomplish the task at hand in a timely manner.
- it may require significant report authoring skills to translate findings into business terms, which requires more than basic composition skills, and the ability to match terms, nomenclature and relevance to your target audience.
Biplab’s Answer
Hi Jay,
Good questions:
Great questions! Although I myself am not a cyber security analyst, many members of my team are, so happy to assist where I can:
A typical day in the life of our cybersecurity analysts starts with a turnover meeting where our analysts receive any critical or important information from the analysts working the previous shifts. This can be trends noticed in terms of incidents, any spikes of certain malicious activity, or other relevant details. The analyst then logs into their incident review dashboard and starts picking up incidents in the order they come in while triaging for higher criticality incidents first. Analysts typically follow runbooks that outline the recommended analysis path for investigation while also cross-referencing any other relevant data in system logs captured, document their logical conclusion, and ultimately close the incident with an appropriate disposition such as false positive, true positive, etc., as well as any appropriate follow-up steps needed for remediation. Analysts may also, depending on a client's incident response plan and escalation procedures, directly contact client security teams for further remediation steps needed for higher criticality incidents. At the end of a cybersecurity analyst's day, they prepare their shift turnover notes and discuss these with their colleagues in the incoming security shift. Hope this helps!
As for Pros and Cons --
Pros:
- Can work remote
- Work in an industry that is in demand
Cons:
- Shifts can vary, some of them may be at night
Good luck!