Hey all,
My name is Coby and I wondered if you can help me one of the biggest questions in the world,
Career path ! ! !
I am currently a student for Bsc in computer science,
To be honest I don't see my self sitting in an office and programming for 12 hours a day and the reason for that is that I just love programming ! not for others .. I love it as a tool and I find it very useful but can't really see myself working there for the next 20 years.
However, I love Cyber security, I love it ! I have passion for malwares and reverse engineering, looking for small details, understanding complex stuff etc..
I have previous experience with system administration so what's more likely to be my next ?
Also, It is kind of hard to find first job in Cyber in my country, so I think certifications will be very helpful not only with knowledge but also with the handshake of congratulations your in !
thank you helpers ❤️
UPDATE: if you think there is "hands-on" cert -> lead me to get into the industry I would be happy to hear as well.
Cobi @KOBIKON ,
"I am currently a student for Bsc in computer science, "
1. Can you tell us how far along in your degree program you are? That may help folks advise on options for elective courses.
2. In the USA, BS in Computer Science degree programs are notorious for NOT having adequate security content, either as included material is courses, or as stand-alone courses. If your program has the same limitation, you will need to plot your own training and education on the security aspects as you progress.
One action you can take is adopt security -related topics for papers and topics within your required and elective course, even if they are not on the primary syllabi for those courses. Also, seek out experts beyond your teachers to help develop those project and paper topics. That will also start you on your way for professional networking.
"To be honest I don't see my self sitting in an office and programming for 12 hours a day and the reason for that is that I just love programming ! not for others .. I love it as a tool and I find it very useful but can't really see myself working there for the next 20 years."
Almost no one in any field suffers a long career doing just what they trained for in college. In our field of security, almost all of us have over half a dozen different jobs over our careers. The trick is to keep an eye on the market place for jobs against your own skills and interests, and take action, including changing plans, as you progress.
"I have previous experience with system administration so what's more likely to be my next ? "
Basic SYSADMIN duties may or may not include security aspects. I'd suggest looking for internships or part time jobs doing network admin with tasks to include log file analysis and basic forensic analysis. You can also do some if this work as a focused hobby by setting up a lan network at home using cheap used gear.
" have passion for malwares and reverse engineering, looking for small details, understanding complex stuff etc.."
The passion you describe fits perfectly with network defense and forensic analysis jobs. I recommend you research those areas and look to gain experience in the related skills.
"It is kind of hard to find first job in Cyber in my country,"
Are you willing to share here what country you are in? Other community members familiar with your area may be more helpful.
"I think certifications will be very helpful not only with knowledge but also with the handshake of congratulations your in"
Yes, certifications are good networking tools. However, at this stage, I;d suggest focusing on the education, training, and experience aspects of developing your skills. Certifications will fall in line as you use those three areas to progress.
Congrats on your long term career focus. This attitude will help you throughout your lifetime.
Hey 🙂
@CraginS
Thank you very much for putting your time and helping me,
I am in the middle of my studies, 2nd year out of 3.
I am from Israel.
@KOBIKON wrote:Hey 🙂
@CraginS
Thank you very much for putting your time and helping me,
I am in the middle of my studies, 2nd year out of 3.
I am from Israel.
Israel has some great resources and opportunities in both government and commercial organization for cybersecurity. And mid-degree is the perfect time to reach out to both companies and government offices for internships for your school breaks, or even part time during the year.
Can other community members with connections in Israel please join in with advice for Cobi?
@CraginS has already provided great advice on how to go about this, but I want to add that even if what you end up with isn't exactly what you're looking for, you should attempt to make the best of it.
I'll give you the example of a network engineer in my organization, who had to take over when the security engineer abruptly disappeared. Under supervision, he learned the administration of the firewalls and other devices, garnering good experience and eventually becoming competent to the point that even though we use a MSSP, I sometimes ask him to take a look at the device configurations to make sure nothing's wrong.
I can understand what you mean about programming 12 hours a day for the next 20 years. You won't however even if you landed your first role in software development, as more interesting opportunity will come along or you'll see a promotion opportunity ... When doing my masters I was told that if we were still coding within 5 years of graduating and had not progressed then maybe we needed to look for another career.
My advice would be to use you BSc to enter IT and try out a few different roles. InfoSec is so wide of a topic that your experience won't go to waste and you'll have more credibility with IT staffers than if you try to enter InfoSec straight from university. Before accepting security advice people often want to feel comfortable that you've been there and done it yourself ... that you could stand in their shoes. It's the same argument that you shouldn't consider taking an MBA until at least you mid 30s if you expect to be able to benefit from it. You need practical experience to relate concepts to and a feel for what works and what doesn't in a given conext.
@KOBIKON wrote:
Career path ! ! !
I am currently a student for Bsc in computer science,
However, I love Cyber security, I love it ! I have passion for malwares and reverse engineering, looking for small details, understanding complex stuff etc..
Tell us about a time when you had to dig deep into understanding something complex. Did it involve reverse engineering?
I can understand what you mean about programming 12 hours a day for the next 20 years. You won't however even if you landed your first role in software development, as more interesting opportunity will come along or you'll see a promotion opportunity ... When doing my masters I was told that if we were still coding within 5 years of graduating and had not progressed then maybe we needed to look for another career.
My advice would be to use you BSc to enter IT and try out a few different roles. InfoSec is so wide of a topic that your experience won't go to waste and you'll have more credibility with IT staffers than if you try to enter InfoSec straight from university. Before accepting security advice people often want to feel comfortable that you've been there and done it yourself ... that you could stand in their shoes. It's the same argument that you shouldn't consider taking an MBA until at least you mid 30s if you expect to be able to benefit from it. You need practical experience to relate concepts to and a feel for what works and what doesn't in a given conext.
I used to like the technical stuff but as I grew older I fell in love with GRC (Governance, Risk and Compliance).
I enjoy working with IT governance/policy and ensuring security controls are in place rather than reading security logs, programming, monitoring security events or managing firewalls.
My job includes finding risks and identifying what could happen if the risk is accept or mitigated. Then I show everything to upper management and they make a decision about my findings.
I like it because it is more of a consulting type of job in which you work with concepts and you work closely with higher ups as opposed to "being the tech guy in the corner".
If you were my manager I would tell you that you need a firewall or a system admin but I wouldn't be the one (and I don't want to be) configuring the firewall or performing sys admin tasks. You would be responsible for dealing with the risks/opportunities of my findings such as hiring the qualified person or delegating the task to someone able to do it. So I do a lot of risk assessment, risk acceptance/residual risks type of work.
Pretty cool for those interested in policy/regulatory/legislation.
The job descriptions are a loooot more chill and streamlined in my opinion.
If interested go to google jobs and type any of these to check the job descriptions: IT GRC, Cyber GRC, IT GRC Analyst, Compliance Security Analyst, Risk and Compliance Analyst