What it’s really like to work in Cybersecurity.
Working in cybersecurity can be a great career. It’s a booming industry and right now there are more cybersecurity jobs than people to fill them. Nearly every company, big and small is creating a cybersecurity department within their organization and need people to fill these roles within this department.
If you are thinking about working in Cybersecurity or IT Security… specifically corporate cybersecurity and want to know what it’s really like, what you can expect to do, the skills you will need, the Pro’s and the Con’s… then you have come to the right place.
There are many different jobs, levels and areas of cybersecurity one can work in. In this article I’m going to discuss corporate cybersecurity, and more specifically the basic or entry level roles and what you can expect in these roles.
What is Corporate Cybersecurity
It’s working on complex systems within an organization utilizing your years of training in ethical hacking to prevent the “bad guys” from breaking into the company network and deploying malicious attacks and stealing private data, right?
Eh, not exactly.
While the IT Security department does play a large role in keeping the company safe from threats… it’s a lot less glamorous than you may think.
Unlike other cybersecurity roles such as penetration testers, ethical hackers, and even forensic investigators… Corporate cybersecurity or IT Security focuses less on the technical aspect, and more on audit, change control, procedure and risk pieces of security.
So what does this mean exactly?
It means the work being done is very procedural based, utilizing the systems and tools in place to perform required tasks which are usually mandated by some regulatory requirement.
Working in IT Security you can expect to run lots and lots of scans, create procedures, administer change management, and deal with a lot of audit and compliance issues.
It’s less about technical work and more about adhering to policy and procedure.
So configuring firewalls, performing penetration tests, and forensic investigations are generally not in the cards for Corporate IT Security roles.
These IT Security roles can have many different titles as well. Common titles you may see in Corporate Cybersecurity roles are IT Security Analyst, IT Security Administrator, and IT Security Engineer. There are others, but these are the three most common. The titles are very fluid, and even though they sound different, they each can mean the same thing.
What you can expect working in Cybersecurity
Let’s dive a little deeper into some of the common responsibilities of IT Security and what you can expect.
CHANGE MANAGEMENT
If you really want to know what it’s like to work in Cybersecurity, then you should be prepared for a lot of paperwork, chasing people down for signatures, and making sure everyone completes the necessary documents correctly.
A big part of the IT Security team’s responsibility is to enforce and manage the Change Management system.
What is Change Management?
It’s basically a BIG CYA (cover your ass) under the guise of paperwork…
Before Change Management processes were a thing, when any kind of change needed to be made whether that be a network change, server change, application change, etc… The engineer responsible would just make the changes, and like MAGIC it was done… no paperwork needed.
The problem with this is there was no written proof of what change was made or approval from other departments and managers that they are aware onboard with the change… As you can guess, for compliance and auditors this is a big problem… EVERYTHING NEEDS TO BE DOCUMENTED.
So along came Change Management to solve this problem.
Some form of Change Management process is often required for regulatory purposes.
Security’s role is to make sure the forms are filled out thoroughly and correctly. They need to make sure the correct people signed the form, that there is a separation of duties between who is issuing the form and implementing it, and that the dates written are adhered to.
Managing this process can give you great visibility to the changes happening in the environment, but IT Security is not the ones actually making the changes.
SCAN, SCAN, SCAN
Another big part of IT Security is running scans, specifically vulnerability scans, both internal and external.
What this entails is obtaining a list of the internal and external IP ranges for each site, and using a tool that is designed to scan these IP ranges for various known vulnerabilities.
Depending on the software used for these scans, the software will usually generate a report detailing its findings, which will then be sent to the infrastructure team to resolve.
Typically these findings will include things like, open ports and missing patches and updates for various systems.
Many organizations require the IT Security department to run these scans on a continuous basis. Generally every month or at least every quarter.
AUDIT AND COMPLIANCE
Especially in larger companies, adhering to regulatory standards from compliance and auditors is a big part of the job. When you finish working with one group of auditors, the next group of auditors is ready to go.
When you are working with auditors, your main responsibility will be to gather reports and documentation for them to go over and assess.
Depending on the audit group, they may want to see documentation for various changes that were made, they may want to see security procedures, or even hardening standards for various systems. It is Security’s job to gather this information and provide it to the auditors.
This often entails working with other departments in the company to pull certain information for you.
You may also need to work with compliance or different auditing groups to define your own security policy, standards and procedures for various things.
For example, nowadays many organizations have mobile devices in their environment such as laptops and smartphones. Depending on the regulator requirement, you may need lock these devices down in a certain way or have the users that use these devices follow a policy to keep them secure.
Auditors can often give guidance on what these standards need to be, and it is up to Security to create
What you should NOT expect working in Cybersecurity
TECHNICAL WORK
There are often security systems in place such as Intrusion Detection, Intrusion Prevention, Network Access Control, Privileged password management, and Proxy Servers to name a few… And while these systems are designed to provide a level of security in their own right, its generally the duty of the Infrastructure team to implement, maintain and use these systems… Not the Security team.
As mentioned previously, IT Security roles are often less technical work and more so managing the procedures and processes AROUND the technical work. For some this can be very tiresome.
OFFENSIVE CYBERSECURITY
Offensive cybersecurity generally refers to the redhat guys that do the ethical hacking and penetration tests on networks… You know, the fun stuff.
You should also not expect to be involved in Offensive cybersecurity measures like penetration tests either. These types of offensive cybersecurity measures are generally reserved for consultants and different vendors.
Though you may not be the one performing the penetration tests, often times the IT Security team will need to assist in the process of gathering data, IP’s and even reviewing the reports afterwards.
PRO’s and CON’s
PRO’s
- The job market is very good for cybersecurity positions. There are more jobs than people to fill them so the barrier of entry into these positons is often low.
- IT Security can be a great Segway into IT WITHOUT going the Help Desk route. Sure you may not learn as much about the technical side of IT, but for whatever reason having IT Security on your resume looks good to employers.
- If you can get past the monotony of entry level IT Security roles, there are many different paths you can go down which can be very rewarding, lucrative and even fun. Some of these paths include Forensics, Penetration testing, and even auditing (if that’s your thing).
CON’s
- You may start your career in cybersecurity thinking you will be involved in very technical security stuff, but as you will find this is usually not the case in corporate IT Security. Sometimes it feels more like a glorified secretary than an IT role. If you want to start your career in IT doing technical work, than corporate IT Security is not for you.
- Working in IT Security, you aren’t playing ball doing the technical work of the business, you are the referee. And the bad part about being the referee is not matter what the outcome, someone is going to be upset with you regardless. You are part of the team that makes other people’s jobs more difficult. Now this is a necessary evil, but when you are part of the team that puts restrictions on how someone does their job, they will undoubtedly be upset. Working in IT Security, you will need to have think skin to handle the animosity.
Skills, credentials and training needed to work in Cybersecurity
Because the job market for IT Security is so vast and the available people to fill those roles are so small, the barrier to entry is low. In fact, many companies are even looking for people with no cybersecurity experience whatsoever.
According to a CNBC article from 2018, people with experience in project management, analytics, data science, technical writing, law, policy, third-party oversight, or physical security functions like law enforcement or military roles may all be able to qualify for cybersecurity jobs by simply fine-tuning some critically needed skills.
Companies are looking for people who can help them “reshape” how they think about security. Having the ability to solve problems, or having exceptionally well-tuned leadership skills and the ability to influence people in various lines of business, are critical to what corporations are seeking in cybersecurity executives and staff.
What this means for you is, even if you don’t have cybersecurity credentials to put down on your resume, if you highlight your attributes that that align with what companies are looking for in security applicants, this may be enough to get you in the door.
If you are still having trouble getting your foot in the door in a cybersecurity role, you could always take the traditional route of obtaining a degree or certifications.
Many colleges nowadays offer degrees in Cybersecurity or closely related fields such as Information Security, Computer Science, etc. There are also many great and reputable schools which offer completely or nearly ALL online Associates, Bachelors, and Masters Programs in Cybersecurity. Utica College in Upstate NY is one of these schools.
Obtaining a Cybersecurity certification is the cheaper of the two options and sometimes just as credible as a degree… at least for entry level IT Security roles.
Common and reputable certifications in cybersecurity are CEH (Certified Ethical Hacker), CISM (Certified Information Security Manager), and CISSP (Certified Information Systems Security Professional).
There are also Security certifications you could study for and obtain that have no prerequisites. The most common is Comptia Security + which is a fantastic cert for any IT newcomer, whether they want to work in security or not.
Is a Career in Cybersecurity right for you?
A career in cybersecurity can be very rewarding and even fun depending on where you take it. Though corporate cybersecurity may not be the most glamorous of jobs, it does offer a pathway into IT or other roles within the cybersecurity field and even other roles within IT in general.
If you are the type of person that enjoys managing change processes, scanning systems for vulnerabilities and working with auditors, then working in Corporate IT security may be for you.