Is Cybersecurity Boring?
I work in cyber security as a cyber security architect, and the security teams for which I work have a variety of responsibilities. When I originally started looking for entry level employment, my aim was to figure out which of those responsibilities were the most fascinating.
Lower-level cyber security professions are, on the whole, quite uninteresting because they are tedious and repetitive: the same actions, such as running through checklists, examining security and incident logs, checking dashboards for alerts, and creating tickets from a central security email address in an incident management application, are repeated as part of daily activities.
Employees in cyber security may become demotivated as a result of the monotony of their duties, which can also cause a lot of stress. Many of these positions have a high employee turnover rate because workers feel discouraged by the repetition and resign.
One of my close friends used to work in a low-level, dull position in cyber security, where they worked in shifts, either the early or late shift. They had to complete a checklist for each shift, with the morning shift needing them to complete it first thing in the morning and the late shift wanting them to complete it near the conclusion of their shift.
They told me that going through the checklist, checking several dashboards, logs, and a variety of other tedious activities may take up to two hours. When they were checking, they said they felt like a robot because they were in automatic mode, as if they were running a computer programme in their heads to check this and then check that.
They’d have to check the centralised email address for the entire cyber security team, where any incident-related emails would arrive, once the checklists were completed. They’d have to go through each of these emails and add the ones that are important to the incident management application. So, let’s imagine you received an email from another employee who worked in accounts, and the email read something like,
“I accidentally sent some of our customer information to the wrong customer”
My friend would have to enter the details of the employee who sent the email, the time of the occurrence, the incident details, and so on into the incident management application. Then they’d have to figure out who should be in charge of this incident; in the case above, the data privacy team may have been in charge. Each occurrence would be assigned a priority ranking based on my friend’s assessment of its seriousness.
They stated that privacy-related matters would be given a three-star priority, but that if the situation appeared to be significant, my buddy would contact a data privacy team contact mentioned on the website. This might be an emergency out-of-hours number if they had to call them outside of work hours, such as at the start of the early shift or at the end of the late shift.
They didn’t stay in this work for long, and instead used their ability to swiftly pick up new skills and information to advance to a new position, increasing their involvement in incident management-related roles, such as incident management planning.
One of my friend’s pet peeves about their tedious job was the lack of social connection, since they spent a big portion of their shift alone, with no interaction with other employees. Any job can become monotonous due to a lack of social connection, and some lower level cyber security occupations are no exception.
Is Cybersecurity a Stressful Job?
Cyber security can be a demanding job, especially if it involves incident management, because a significant occurrence can require all hands on deck and the completion of tasks under time constraints. As a result, additional hours are required to ensure that the issue is contained.
I had a simple 9-to-5 job at one of the organisations where I worked, except for one day when there was an incident. Initially, it appeared that the firm had been the victim of a successful cyber attack, necessitating the start of a complete incident management process.
I had to become involved since it appeared that an attacker had managed to penetrate one of the security safeguards on the project I was working on. Worse, the incident management process began just as I was about to log off for the day, so I had no choice but to stay at work and assist the incident manager and the incident management team.
This was a first for me; I’d never been involved in an incident before, so my curiosity got the best of me. However, some of the other callers, particularly those on the incident management team, had to work in these conditions on a regular basis. That is, the unknown, where an event could occur at any time, and they needed to be prepared and on top of their game in order to manage the problem as swiftly as possible.
This meant that their 9 to 5 job could evolve into a 9 to midnight job, or, in the worst-case scenario, an all-nighter. The team had to pass the baton of being “on-call” to each other. This means they could be soundly sleeping at home when the phone rings to inform them of a potential serious incident.
Once the incident management process was started, the incident manager would ask the team a lot of questions in order to figure out what investigations and activities they would need to do. To ensure that the impact of any catastrophe is minimised, all of this would have to be done swiftly and precisely.
For example, suppose a cloud storage service, such as an Amazon Simple Storage Service (S3) bucket, was misconfigured and the misconfiguration was detected by one of the security tools. The following items would need to be considered as part of the incident management process:
- when this was discovered,
- when the misconfiguration occurred,
- what information is stored in the S3 bucket,
- who’s accessed the information,
- what could potentially be the impact of unauthorized access,
- how can the misconfiguration be fixed, and a damage limitation exercise started.
There are numerous investigations and tasks to be completed, and if the information stored in this S3 bucket was of high value, such as credit card information, organisational secrets, or customer information, senior executives may be required to participate.
For me, not knowing how my working day would go, as I could wind up working longer hours than I intended throughout the day, being called late at night, having my sleep disrupted, and overall not being able to get into a routine would cause a lot of stress, as it does for many other people. This is why I steered clear of occupations like these.
My positions as a cyber security architect have not been stressful, and I expect that to remain the case, since I serve as an advisor and work strictly a 9 to 5 schedule. If I have to commute, I sometimes work from 8 to 4 to avoid the stress of commuting during rush hour. My position is not unique; there are numerous professions in cyber security that are similar to mine, ranging from analysis to engineering to risk management.
I always advise anyone new to cyber security to treat jobs like incident management as temporary as much as possible, especially if they are unpleasant, and to utilise them as a stepping stone to less stressful employment.
Is it Worth Going into Cybersecurity?
Overall, pursuing a career in cyber security is well worth the effort, as the pay is higher than that of other IT occupations. Both monetary and contractual rewards are available for the assignments, and many of the assignments themselves are quite intriguing.
When compared to other jobs in the information technology field, cyber security positions pay well. Friends of mine who have switched from other types of information technology professions have experienced a significant rise in their pay, sometimes as much as 50%.
For me, the social components of my cyber security profession, where I interact with many teams within a company as a cyber security architect, are appealing. This is really fulfilling to me because it allows me to form friendships and, more importantly, it allows me to demonstrate to my coworkers that I am available to assist them.
I’m not there to put up roadblocks and prevent people from doing their duties by enforcing excessive security measures. Instead, I’m there to talk about how we can both work together to satisfy the organization’s and security’s needs.
I also appreciate the fact that many cyber security responsibilities confer authority, particularly in organisations that regard security as a “first-class citizen.” Thankfully, none of this has gone to my head.
I enjoy working in a leadership position, but my credo remains the same: help others in the same organisation understand and respect the importance of cyber security. We must ensure that our employer, the “hand that feeds,” is safe from cyber dangers and attacks.
Does Cybersecurity Require Coding?
In comparison to specific specialised areas in cyber security where coding is vital, there are many more jobs in cyber security that do not require any coding expertise or experience. People who work in jobs that do not require coding knowledge are more focused and active in the architectural, design, planning, construction, and support of an organization’s cyber security activities.
People frequently mistakenly believe that having coding experience is a must for obtaining a job in cyber security when, in fact, the majority of positions do not require any coding experience or knowledge. As a result, these individuals may get interested in studying coding languages, particularly Python, as they regard it as a fast pathway to cyber security.
Unfortunately, this isn’t the case, since true cyber security expertise and knowledge are valued more, and coding skills are considered a ‘nice to have’ capability in most cyber security employment.
I haven’t done any coding in any of the cyber security roles I’ve had. Other than being able to use the web programming language PHP for some of the websites I develop for non-work related activities, I have no coding skills. My lack of coding skills hasn’t stopped me from working in cyber security.
In all of the cyber security tasks I’ve worked on, I’ve advised coders on how to code safely. I’ve worked with hackers who programme in Java, .NET, Python, as well as front end JavaScript based frameworks like Vue, React, and Angular, and I know nothing about coding in these languages.
I do know, however, that they must code securely by not including passwords in their code or performing database queries that can be readily hacked. I don’t need to know anything about coding, classes, or object-oriented programming; this is all I need to know.
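The two secure-coding rules named above, no secrets in the code and no database queries built from user input, are the ones a security architect most often has to explain to developers. The following is an added example written for this article, not code from the author or from any project mentioned here. It uses an in-memory SQLite table with constructed rows, puts the string-concatenated query beside the parameterised one, and reads the database password from an environment variable whose name, `APP_DB_PASSWORD`, is a hypothetical choice.

```python
import os
import sqlite3


def make_db():
    """Build a throwaway in-memory table with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('alice', 'hash-a'), ('bob', 'hash-b')"
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, username):
    """The query that can be 'readily hacked': the caller's input becomes SQL text."""
    sql = (
        "SELECT username FROM users WHERE username = '"
        + username
        + "' ORDER BY username"
    )
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def db_password(env=None):
    """Read the database password from the environment instead of the source.

    The variable name is a hypothetical one chosen for this example; the point
    is that nothing secret is written into the code or committed with it.
    """
    env = os.environ if env is None else env
    value = env.get("APP_DB_PASSWORD")
    if not value:
        raise RuntimeError("APP_DB_PASSWORD is not set")
    return value


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"  # constructed input that is a valid username to the safe query only
    print("unsafe:", find_user_unsafe(conn, probe))  # every row comes back
    print("safe:  ", find_user_safe(conn, probe))    # no such username, empty list
```

The unsafe function returns every row for an input that is not a username at all, because the quote characters change the meaning of the statement; the parameterised function treats the same input as a literal value and finds nothing. Reviewing code for the first pattern, and for string literals that look like credentials, is something a non-coder can learn to do without knowing the language in depth.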
When I worked for one company, there was a significant cyber security team of over 80 individuals, which included:
- Security Architects
- Security Consultants
- Security Engineers
- Security Analysts
- Risk Analysts
- Security Testers
- SOC Engineers
- SOC Analysts
- Incident Management
- Data Privacy Specialists
Only approximately 15 of the 80 or so members on the security team utilised code on a regular basis, according to my estimation. That’s less than a quarter. In their jobs, Security Testers and some SOC analysts use a lot of coding expertise, because security testers, like penetration testers, need to understand code in order to execute their security tests against it.
Some SOC Analysts, particularly those involved in Red Team and Blue Team activities, would also need to be able to code. The Red Teams were responsible for Ethical Hacking and could include individuals who would need to manipulate code or create threat and vulnerability code in order for the Blue Team to find this vulnerability.
Security Engineers would need certain coding abilities depending on their job responsibilities. For example, if they were developing scripts on Linux or Unix (bash scripts) or even Windows (PowerShell), they would need to know how to code. In practice this only arose around security tools, in which case the tool vendor would most likely come in and assist with the installation of the security product, as well as any scripting requirements.
After the vendor had generated the accompanying scripts, the security engineers would most likely package the installation and configuration of the security solution using templates like Azure ARM Templates or AWS CloudFormation, or even a templating language like Terraform. I’d be hesitant to declare that the security engineers in this case were 100% coders, because templating languages are much easier to learn than coding languages like Python. These templating languages are far more declarative than logical, and I’ve done some basic Terraform template construction and find it much easier than writing PHP.
More crucially, the projects’ DevOps engineers would be in charge of a lot of the cyber security work I recommend to them. Because the DevOps team knows how to code, if I wanted them to install security software, they’d have to write scripts in Python to automate the process if templating wasn’t used.
So, while it’s reasonable to presume DevOps engineers need to know how to code, I, as a cyber security professional, would need to know nothing about coding, despite the fact that coding is involved in what I’ve suggested.
The DevOps engineers were not on the cyber security team; instead, they were on the project team, which meant that their coding skills and experience were irrelevant for a job in cyber security because they didn’t work in cyber security.
Python Skills
I recall being on a team with five other cyber security architects at one company, and one of my coworkers was teaching several interns who were doing work experience as part of their university degree programme. He had taught them some basic Python so that they could run reports and extract data from files and quickly import it into Microsoft Excel spreadsheets, from which they could build reports.
My coworker had a deep understanding of Python and could code to a very high level; in fact, I’m confident that if they chose to work as a developer, they would be able to do so with ease. My coworker, on the other hand, used to complain that we didn’t get any opportunities to utilise Python outside of what he was doing with the interns because it wasn’t required for our day-to-day employment.
Some of the security engineering jobs may be appropriate for you if you enjoy coding and want to work in cyber security in a coding-related career. Penetration testing, ethical hacking, and working in red and blue teams are all security testing occupations that may be more relevant.
Do You Have to be Smart to be in Cybersecurity?
Most cyber security occupations do not require a high level of intelligence, as most jobs include applying cyber security concepts, standards, and best practices to projects and situations. These cyber security concepts and standards can be simply deployed across any firm once they’ve been grasped.
I’m averagely intelligent and wouldn’t consider myself particularly bright, but I have no trouble finding positions in cyber security. Simply because I understand what cyber security is, what the most common threats and assaults are, and how the principles, standards, and best practices for security may be applied.
Over time, I’ve acquired a mindset for thinking like a hacker, which has helped me comprehend the precautions that must be implemented to combat these types of hackers.
While there are numerous careers that do not demand a high level of intelligence, there are other jobs in cyber security that do. There are occupations that need advanced coding, analysis, and threat assessments. These cyber security positions tend to attract only the brightest candidates, yet they make up a small part of a company’s overall cyber security staff.
I don’t have a college diploma; I only have a high school diploma, but I’m regularly approached by companies who want me to work for them. The reason for this is that I have extensive experience in cyber security, which I have created using cyber security concepts and standards.
In my daily work, I apply several of the following principles:
- Authentication
- Authorization
- Accounting (Auditing)
- Confidentiality
- Integrity
- Availability
- Principle of Least Privilege
- Separation of duties
These ideas are simple enough for me to apply to any cyber security project I’m working on. So, based on the first principle, authentication, I’ll see if the project’s deliverables include authentication. This might be a website or a web application that requires customers to log in. Customers must have a username and a valid password to log in, and authentication provides a means to show they are who they say they are.
When it comes to authorisation, the principle entails ensuring that customers may only see information that is relevant to them when they log in, as long as they are authorised to see it. Customers will not be able to read information about other customers because they have not been given permission to do so. If they can see information about other customers, it’s a red flag for me that the authorisation isn’t working properly, or worse, that no authorisation exists.
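The “red flag” described here, a logged-in customer being able to read another customer’s record, is easy to show in code. The following is an added example written for this article, not code from the author or from any project mentioned here. The customer records are constructed, the `support` role is a hypothetical staff role, and the two lookup functions differ only in whether an authorisation decision happens after authentication has identified the session.

```python
# Constructed sample records; no real customer data.
CUSTOMERS = {
    101: {"name": "Customer A", "balance": 20.0},
    102: {"name": "Customer B", "balance": 55.5},
}


class AuthorizationError(Exception):
    """Raised when an authenticated principal asks for data it may not see."""


def is_authorised(session_customer_id, requested_id, roles=frozenset()):
    """Decide whether the session may read the requested customer record.

    A customer may read only their own record. Staff holding the hypothetical
    'support' role may read any record. Everything else is denied.
    """
    if requested_id == session_customer_id:
        return True
    if "support" in roles:
        return True
    return False


def get_customer_unchecked(session_customer_id, requested_id):
    """The failure mode: authentication happened, authorisation did not.

    session_customer_id tells us who is logged in, but it is never consulted,
    so any customer can fetch any record just by changing the id they ask for.
    """
    return CUSTOMERS[requested_id]


def get_customer_checked(session_customer_id, requested_id, roles=frozenset()):
    """Hardened form: the ownership/role check runs before any data is returned."""
    if not is_authorised(session_customer_id, requested_id, roles):
        raise AuthorizationError(
            f"customer {session_customer_id} may not read customer {requested_id}"
        )
    return CUSTOMERS[requested_id]


if __name__ == "__main__":
    # Customer 101 is logged in and asks for customer 102's record.
    print("unchecked:", get_customer_unchecked(101, 102)["name"])  # leaks Customer B
    try:
        get_customer_checked(101, 102)
    except AuthorizationError as exc:
        print("checked:", exc)
```

The check is deliberately a separate function so that a reviewer can read the policy (own record, or a support role) in one place, and so that a test can exercise the denied path without a database. The unchecked version is exactly what the paragraph describes: the site knows who you are but never asks whether you should see what you requested.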
All interactions with the website and any other services by customers, workers, third parties, and contractors are tracked under the Accounting principle. As a result, every time they try to log in, a security event is recorded in a file called a log, which includes the logging user’s username, as well as the time and date. If the login fails due to an error, such as entering the wrong password, the failure is also recorded.
Logging is vital because it keeps track of security-related events, which can be evaluated for suspicious trends, such as logging in from unusual places, such as outside the country where the user usually logs in. This could signal that the user account has been compromised, and by responding swiftly and suspending or disabling the account, potential cyber threats can be avoided.
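The review of login logs for suspicious trends described in the last two paragraphs is usually automated rather than done by eye. The following is an added example written for this article, not code from the author or from any product mentioned here. The log format and the log lines are constructed for the example; it establishes each user’s usual login country from their successful logins, flags a success from anywhere else, and also flags a run of failed passwords, the second pattern the Accounting paragraph mentions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines in an invented format: timestamp, event,
# username, result, optional failure reason, two-letter country code.
SAMPLE_LOG = """\
2024-03-01T08:02:11Z LOGIN user=alice result=success country=GB
2024-03-01T08:40:52Z LOGIN user=alice result=success country=GB
2024-03-02T09:15:03Z LOGIN user=alice result=failure reason=bad_password country=GB
2024-03-02T09:15:30Z LOGIN user=alice result=success country=GB
2024-03-03T02:47:19Z LOGIN user=alice result=success country=RU
2024-03-01T10:00:00Z LOGIN user=bob result=success country=US
2024-03-04T23:10:01Z LOGIN user=bob result=failure reason=bad_password country=US
2024-03-04T23:10:09Z LOGIN user=bob result=failure reason=bad_password country=US
2024-03-04T23:10:20Z LOGIN user=bob result=failure reason=bad_password country=US
2024-03-04T23:10:33Z LOGIN user=bob result=success country=US
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) LOGIN user=(?P<user>\S+) result=(?P<result>success|failure)"
    r"(?: reason=(?P<reason>\S+))? country=(?P<country>[A-Z]{2})$"
)


def parse_line(line):
    """Turn one log line into a dict, or None if it is not a login event."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def detect(log_text, failure_threshold=3):
    """Return (user, alert_kind, timestamp) tuples for suspicious login activity.

    unusual_country: a successful login from a country other than the one the
        user most often logs in from (their baseline).
    repeated_failures: failure_threshold consecutive failed logins.
    success_after_failures: a success immediately following such a run, the
        pattern that most deserves a look at the account.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    alerts = []
    for user, user_events in by_user.items():
        # ISO 8601 timestamps in UTC sort correctly as plain strings.
        user_events.sort(key=lambda e: e["ts"])
        successes = [e for e in user_events if e["result"] == "success"]
        usual_country = None
        if successes:
            usual_country = Counter(e["country"] for e in successes).most_common(1)[0][0]

        streak = 0
        for event in user_events:
            if event["result"] == "failure":
                streak += 1
                if streak == failure_threshold:
                    alerts.append((user, "repeated_failures", event["ts"]))
                continue
            if streak >= failure_threshold:
                alerts.append((user, "success_after_failures", event["ts"]))
            streak = 0
            if usual_country and event["country"] != usual_country:
                alerts.append((user, "unusual_country", event["ts"]))
    return alerts


if __name__ == "__main__":
    for user, kind, ts in detect(SAMPLE_LOG):
        print(f"{ts} {user}: {kind}")
```

Against the constructed lines this raises one alert for alice (a success from RU when her baseline is GB) and two for bob (three bad passwords in a row, then a success). The baseline is the weak point of this approach: a user who genuinely travels will trip it, which is why the paragraph above talks about responding by suspending the account and checking, not about blocking automatically.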
Confidentiality principles are critical in securing an organization’s information by ensuring that only those who are authorised to see it have access to it, as well as ensuring that the information is protected if it is stolen. In most cases, this can be accomplished by ensuring that the data component of information is encrypted during storage and transfer via encrypted channels.
Integrity standards are crucial to ensure that information isn’t tampered with or manipulated, such as when a report on a company’s profit that shows a significant loss is changed to indicate enormous profits. The report’s integrity has been harmed as a result of this change, as the information it contains is inaccurate, and the report’s impact on a company’s share price, a merger, or a takeover could be influenced. As a result of altered information, investors may experience possible losses, which may result in job losses to offset the loss of profit.
Availability guarantees that information can be used, ensuring that a website where doctors can access medical records about their patients does not go down, leaving doctors without critical information.
Malicious parties utilise common distributed denial of service (DDoS) attacks to take down services like websites, preventing legitimate users from accessing them. The DDoS attack causes the website’s support systems, such as web servers and load balancers, to become overloaded, lowering and, in some circumstances, crippling access.
The idea of least privilege is vital for ensuring that a user’s privileges on a system are appropriate for the job they are performing. As a result, a regular user who only has to log in and use Microsoft Word, Microsoft Excel, and check their email does not require administrator capabilities. To execute their job, they only require basic privileges.
The separation of duties principle tries to spread privileges across a group of people so that no one person has all of the advantages that are deemed to be too powerful. As a result, when software is built, tested, and deployed, no single individual has the authority to build, test, or release the software into a “real-world” environment such as production.
Instead, the various stages of the release cycle are divided into separate jobs with varying levels of privileges to ensure that not only the concept of least privilege is followed, but that no single person can perform everything from application development through testing and release.
Final thoughts
Working in cyber security is something I find highly interesting and never boring. My day-to-day job tasks are really fulfilling, particularly when they entail interacting with other employees, meeting suppliers, reviewing new cyber security tools, and examining methods to improve cyber security risk postures across my employer’s firm.
Because I haven’t been actively involved in demanding activities, such as incident management, I don’t find the roles I’ve held stressful. I try to stick to a 9 to 5 pattern, and once I do, my obligations are much easier to manage, and I’m not overwhelmed by work tasks because I’ve gotten very good at managing my work schedules.
I have ordinary IQ, but it hasn’t stopped me from working in cyber security. I’ve mastered the major principles of cyber security and have been successful in implementing these ideas wherever I’ve worked.
Most cyber security occupations do not require any coding skills; however, some jobs, particularly those involving ethical hacking, engineering, or analysis, may require some programming knowledge. However, coding and programming abilities are not required for the work I do, nor for the work that most people in cyber security undertake.
Overall, cyber security is a job that is not only financially rewarding but can also be a very intriguing one to be a part of. I enjoy the work I do, and the social connection with the people I encounter is a huge plus for me. I strongly advise anyone considering a new career or a career shift to consider it.