Is Cyber Security A Good Career Choice?

>>61416645
The whole industry is basically fixing stuff Pajeet got wrong or AI cannot do. So yeah, it's pretty solid career choice for at least another couple of decades.

>>61416645
Yeah it's good but you have to be a very good programmer to be useful.

>>61416700
Do you have any idea with cyber security is?

>>61416645
Very good choice if you can keep up. I find formal methods better. Not that many career opportunities (basically just avio, auto, military), but the money is crazy good, the work itself very interesting and you're pretty much guaranteed to be employed your whole life. You also don't have to deal with that atrocious web bullshit for contract work.

>>61416838
how about every other business? information security (or cyber as it's been marketed) is a concern of every business, more so in the future. if you fail to see cyber security as nothing more than hunting vulnerabilities and secure coding, you've basically no idea what you're talking about.

What about getting paid for uncovering vulnerabilities, bug bounties and so on, can you make a living from it if you are good or is it mostly hype and marketing to generate good PR for vendors?

What about machine learning? I heard it was well paid if you worked in the financial sector.

>>61417108
To my knowledge, it's possible if you're good enough. Surviving just by bughunting is hard though, unless you're exceptional

>>61416961
I've started in cyber security, at that time and place, it was called (translation) "information security engineer" and the work included pretty much everything security-related, from access terminals, securing the network at that place, to doing seminars with employees about habits and security. Most of my class went to cyber security and, most of them work as contractors in some consulting company, they do the same things i did, but as contractors.
Since then, i've moved on to formal methods as i've always been leaning on the theoretical side of computers. It was the best decision i made. At the time i made the switch, it payed less than security, but i've been getting more and more each year, unlike in security, where i was already near the ceiling for my position and promotion was really not an option. I've stayed with the same company and this department is much more fun and, my work is actually secure unlike the half-measures everywhere else, including network security.
Once you get to prove things are secure, the whole "cyber security" industry becomes a joke, not much more than smoke and mirrors.

>>61417289

What soft of firms employ such people?

>>61417177
It's paid well everywhere but the trend I'm seeing is that ML/AI/Data Science was hyped too much, the teams can't deliver and companies are deinvesting. And the signs are already there for the companies just adopting these techniques. For example, I know a very big automobile company that started to aggressively invest in the field. They hired tons of Phds and worked on lots of projects. One of the big problems was that there wasn't any business case. I.e. they spend a half man year developing a solution which will save maybe 3k/year - just because the problem was cool. The second problem is that they throw everything at algos and see what sticks. E.g. they want to classify documents into about a 100 categories but only have 2000 data points. It's inevitable that after maybe 2-3 years the company will downsize the department because it just didn't deliver value.
On the other hand I know some really great examples but the teams didn't go with the "I have a hammer" mindset but started from the business / user perspective. They invested about 2 man years and saved 5m/year. Their approach was very different. They understood the use case, spend time understanding the data instead of just throwing data into an algo and didn't try to use the coolest newest project on github but instead wanted to deliver a valuable solution.
I guess that the field is developing very much like its predecessors (Analytics, BI, DWH, AI, expert systems, etc.). Huge hype at the beginning, high salaries, tons of people go into the field, vendors start to create software which makes it easier to use the techniques, companies notice a lack of return, downsizing, people that remain are either highly specialized, consultants or SME experts with knowledge about the technique.

>>61417454
So to sum up, it's not a good idea to get into ML right now even as a stepping stone to financial engineering positions?

>>61417108
>getting paid for uncovering vulnerabilities
if you're good enough to do that chances are you already have a very good paying job and won't have time to do that unless asked by company that hired you

It's true that in some countries you may be nothing means you must be having a low income but it is also true that if you have good skills and a tons of knowledge you are made to change the world and yup that will be valued by them as per your choice broda

I wanna get into cyb sec but as one of the people who drafts the policy for everything and design the systems to be secure


I'm already studying information security,I realized they just get us introduced to as many concepts of digital security from a a networking and encryption stand point.

What do? Wanna be a sec system architect and policy writer.

>>61417582
Could do worse than reading this guys stuff.
It's what got me thinking about this thread.
https://blog.eutopian.io/forget-solving-the-cyber-security-skills-shortage/

>>61417488
I don't know enough about the quant industry to give you good advice. From what I've heard the golden age is already over and it's extremely competitive. Other than that look for people in the industry and ask them (e.g. on linkedin)

>>61417289
So, would you say software engineering or system programming is better than cybersecurity for specialization studies?

>>61416776
pretty much coding

>>61417289
a professional would never claim 100% security. risk management is continuous excercise, you can never say that there's nothing more to do. once you get the processes running and in place, you're maintenance costs and efforts are significantly lower but believe me, you're never done with risk-based security.

Is embedded a good career choice? How about networks and/or systems?

>>61417671
>golden age is already over
So what will be the new booming field related to CS/Software eng in the coming years?

*if* you are smart, creative, and know ALL of your shit (asm, C, math, OS concepts, specifics of the linux AND windows kernel, various areas of math including graph theory), then you will make trucks of money more than software engineers, and everyone will suck your dick to hire you.

*if*.

>disconnect computer and put it in cold air gapped storage
>cyber is now useless
Really makes you think

>>61419041
Well there was this one case where the pc was infected but offline.
The malware would transmit messages by blinking the power led so they only needed to have visual contact with the machine.
`

>>61417410
Can't speak for everyone, but i work in a honey full of well.
>>61417747
I've studied applied mathematics so no idea there. Most of the security engineers here are CS or CE guys though.
>>61417784
That's not the kind of security i work on. We build mathematical model, we prove it has certain properties we want, we write code and verify. After this, you can say that your software is 100% safe according to that model. It's not perfect- if your model is insecure, so is your code. But it's still better than what the world currently uses- wishful thinking.

>>61416645
I joined my country's defence force as an army officer with a background in Math+CS. Pretty much got thrown into cybersecurity and had to pick it up really quickly.

There are shortages, but it is overhyped. The biggest problem I see with the area is that it requires substantial programming experience to really be effective. You need to know how development teams are run and how they function. How testing will pick up bugs and what you can expect it to miss. You then need to contemplate all sorts of areas where you think they might have missed something.

It can be very slow and really shitty.

cybersecurity:

>nothing happens
>i cant believe we pay your useless ass to sit around doing nothing all day!
>something happens
>this is all your fault!

>>61417454
Can you based these facts off any statistics or should we just automatically believe you?

I took an infosec course once and there wasn't any programming involved. Why do you need to know programming for it? Was it just because it was a community college course or something?

>>61419927
dude there is. You need to know databases as well

>>61419828
pretty much this.

I work for a medium sized private cyber security firm and it's a solid career because of all the fear mongering.

Any business we get comes usually right after you see these 'massive' breaches and ransomware attacks on TV.

Realistically though, it's just a big joke. I've met people making easily over 100k in this field who are complete morons and others who are geniuses.

At the end of the day, it's not difficult to get into, you can learn Kali linux / nessus / among other things and then you can get a job.

I've just hit 3 years at the company I'm at and aside from some scripting here and there, i've never programmed. So not sure what the other people in the thread are talking about.

anyway, it's easy money to shill McAfee and other companies.

>>61417454
I agree about machine learning and AI being very popular right now, but do you have any sources for the deinvestment you are talking about?
I'm in college and I'm backend and security inclined, but would like to analyze my options.

>>61421436
I guess they are talking about writing your own code to exploit vulnerabilities, which I bet is challenging, but it is my understanding most cybersec guys use tools already created and tested i.e. the kali linux suite

>>61421680
It's not as challenging as you think.

After a 3 month internship to somewhere like NCC Group or Optiv you can easily start Return Oriented Programming exploits on Stack canaries and randomization it just requires basic Assembly/C knowledge.

The reality is 99.9% of all software, everywhere, is a complete pile of garbage. Almost everybody cut+pastes out of old, dangerously buggy libraries and programs and then dumps that into a new program, helpfully bypassing all kinds of protections put in place like stack protection.

The entire security field basically is just putting out fires, because if you come along with a new solution nobody will want it. Nobody actually cares about security, because there is no punishment in today's market for being insecure. Companies routinely get their shit dumped and violate privacy of all users and.... nothing becomes of it. So they don't care, and don't pay for your new bulletproof authentication method when they can just reuse a buggy, exploitable one for free. Homakov has detailed this problem here: https://medium.com/@homakov/why-it-sucks-to-be-a-security-researcher-8a1d17fbffe8

It's also why I quit. Security is one of the most boring jobs. Same old shit, every single time. Randomly input garbage strings and presto you've "hacked" something, like when Android device encryption was fully bypassed by just injecting junk into the password entry field. Culprit? Some guy copy and pasted something and introduced a vulnerability yet again.

>>61422445
>Culprit? Some PAJEET copy and pasted something and introduced a vulnerability yet again.
FIFY

>>61422445
Pretty much, it's a joke.

Our 'consultants' though knowledgeable, basically get paid to go on client sites and just run nessus, kali, and other tools, and get paid to write reports.