Give me the red pill on what it is like working in the Cybersecurity field

Bunch of insufferable bastards. They learn about 1 (one) vulnerability and suddenly they think they're 007. Except with a side of really fucked up deep resentment issues.

Face the consequences of your actions or perish by your own hand.

Critical legacy application won't get patched.

3 years into it, long stressful work hours and shit pay! (i still like it because passion and this is the only thing i'm good at)

sounds just like me, based?
are you a europoor? i was quoted at 80k starting with an oscp

I got a job as an analyst at an in-house SOC for a big company at the start of my final semester of uni. Been there for about a year now and recently got promoted to a 6-figure salary (AUD). The work is pretty good.
In my first 6 months I was mainly doing phishing and UEBA triage, along with handling some other misc alerts and being in the IR team for security exercises.
Now that I've been promoted I have a bit more freedom to work on my own projects (response automation development mostly).
I only got the position because I made good contacts while studying - networking is pretty key in the field.
MSSPs seem like a shitty place to work. True wagie cagie SOC monkey shit. 12-hour overnight shifts for little pay, on call 24/7. Would avoid.
I plan to move on soon, leave the SOC life behind to specialise in something more up my alley. Threat intelligence and malware reverse engineering or something.

the real red pill about cybersecurity is that it's just politics at the end of the day
your actual competency won't matter if you're doing a good job because ultimately it's a board of people who don't know shit about cybersecurity that's going to take decisions about the hard work you put in, and most of the time, the board will decide the solution of optics rather than the solution of truth and protection.
Companies will decide to keep software that is filled with aids to the brim if it means the company doesn't have to suffer any kind of repercussion from whatever entity out there and that's unfortunately the truth.
You will be cucked out of your job. You will be forced to bow to powers that are actively malicious and want to hide your work because it exposes them in one way or the other.
If you don't care about that and you're passionate about cybersecurity then that's great. But you'll be asked to do and say things that you are completely against because saying otherwise would just get you fired. You'll be asked to cater to a bunch of jaded millionaires who don't know any better like it's nothing. Your passion is not valued in Cybersecurity, at least when it comes to the bigger corporations out there.
Talking from experience. Went independent and never looked back. I work alone.

More or less yes. And let us never forget that they killed the /cyb/ + /sec/ General.

used to pentest for a consultancy. average contract was two weeks. the work was interesting, but don't expect Mr. Robot shit, it's a lot more tedious than that. report writing is a big part of the job, and like the others said, your findings will often get ignored.

we billed ~$15k/week, so this wasn't just a "check the box" type of testing. from that revenue, i got ~$150k/yr, so FAANG paid better.

i was purely technical, but also helped with some sales/debriefing meetings. clients tend to be a pain in the ass, especially if they're looking for a bargain.

Extremely chill for me in malware RE\intel, about 3-4 hours of work in a week if you work smart

Are you still working in cyber security, solo? Bug bounties, or providing a service or something?

they just need to be abused to change their approach, cuck their systems and their clients show everyone how worthless they are.

Still in cybersecurity yes. I haven't done any bug bounties, I mostly do contract work for little businesses now since those don't have the problems I outlined. I provide help with problems that seem interesting to me, I'm usually compensated one way or the other for the service, it's more akin to mutual help than actual work but that's the way I prefer to live. I don't make as much as I used to when I worked for big tech but that's completely irrelevant to me since it's more important to me to have my work valued by people I work with than complying with malicious actors.
I guess one tip I can give you if you wish to follow a similar path is to work with crypto because people in dire help generally are pariahs of big tech. They will pay you a lot in crypto, it's just a matter of them not finding anyone willing to work for them. I'd rather work for someone that I disagree with on political inclination but actually cares about the shit I do, rather than a bunch of jaded technocrats who couldn't care less about the important work you do around.
You can't do that. You will be witch hunted and prosecuted if they have any ground to do it no matter how small. There are many cases out there when a guy decides to take matters in his own hands and leak the vulnerability out there to make people aware of the problem and it's seen as an attack against the company. These people get sued out of existence. You will lose everything you've ever worked for. It's not worth it.

>It's not worth it.
i guess not just from your perspective, but they need to be suck on purpose so they'll have the legitimacy to keep "protect" businesses data forever.
we all know that they work by protocols and standards and the pentesters are just running scripts and making reports. to be honest i'm really fascinated by this area, but the job itself sound like a sisyphean dogshit

Holy shit OP I am the OP of and damn I empathize with you so much, I am in a similar boat. I used to offer OSCP tutoring and odd jobs while living in Vietnam, because my college funds got pulled due to my trust fund changing hands and I just hit fuck it and went overseas. I'm trying to make more than a subsistence wage in a third world country because I want my kids to be white. I'm taking my OSCP lab right now (hilarious how teaching the OSCP my not being certified was never a problem) and I have been mulling over whether I should try to enter the corporate world or if I'm better off doing tutoring. I'm living on a good friend's couch right now finishing this cert and I know that in a few months I'll have to have something to offer and I don't know what form to give it. I wish I had more stability in my life, I had a bad breakup and I am back in the West now, but with very little savings.

How can I go from where I am to getting these consulting gigs? Can I pick your brain some? I also have some really crazy stories. Add me my discord is Ceres#5832.

>the job itself sound like a sisyphean dogshit
it depends what your approach is
if your outlook is to do the bare minimum and watch progress bars all day then write reports manually then yes you are going to be bored out of your mind
The nice part about it is to automate what you can and then allow yourself to either do some crazy stuff you were not asked but that's always appreciated, or just take the extra time learning things you could not otherwise have the time for.
Some areas of cybersec are naturally more intensive so it depends what you prefer.
Sorry I don't use discord and I'm very particular about opsec so there's that.
The key to getting consulting gigs is to work on a local level. Ideally you want to work in a very small town with little access to everything and find the people launching businesses. People WILL need you eventually, it's just a matter of finding them. You can do all of this remote.
Email companies, and also email schools. Schools are very underrated because not only are they open to this sort of stuff but their philosophy is more freedom-focused so you have no restrictions.
Shit is so lucrative I wrote a crawler to find these open positions in little towns and spontaneously sent emails to them for contract work. You'd be surprised how much it works.
Find grey areas of the internet and work for the guys people are usually scared to work for. Great starting place is the fediverse, you'll definitely come across some of these dudes. This is where great money is made in my experience. The only catch is that you have to get some crypto literacy but once you do that, you pretty much ascend and become financially independent.
Good luck. Stay safe, and stay true to yourself.

I'm already pretty used to getting paid in crypto. One of the best things about living in Vietnam was that there are ATMs there that have no KYC laws, so you can just get a fuckton of whatever you're paid in and cash it out to pay your rent. No banks, no bullshit, life was simple. There's a reason all the top crypto projects are coming out of Vietnam. I'm still on the fence about going back, I think I still might at some point.

Is there some way I could contact you after this? It helps so much to have other people to talk to about this kind of stuff.

I know Discord sucks and they sell your data to the ADL and Palantir. At least they don't leak your IP. I can use xmpp+otr or whatever tech you're on. Can you send a mail to [email protected]?

on the fence about contacting people on Any Forums i'll think about it and send an email soon when i make up my mind

DFIR GigaChad here, depends what area you're in.

I get paid an obscene amount of money just to tell people they got fucked and how to prevent it in the future.

i usually tell people to use privnote.com if they are worried about footprint