If you’re interested in cybersecurity, you should know that it’s not all sunshine and rainbows. The field is growing rapidly, but it is also highly competitive. With so many people trying to enter the field, finding a job that offers the right balance of challenge and reward can be tricky.
If you’re considering getting into cybersecurity, here are some reasons you may want to reconsider.
Cybersecurity is a field that requires constant learning
It is one of the reasons why many people don’t bother getting into it, but if you love challenges and enjoy making things work, this could be your calling.
There are so many vulnerabilities, new threats, and new ways of protecting your organization that you need to stay on top of what’s going on in the industry. The good news is that there are plenty of resources out there to help you do so.
You will need to be on keep learning or be obsolete.
Stress has become the norm
Cybersecurity professionals must be able to handle stress on many levels. Being able to defend against an increasing amount of threats on a daily basis, especially to those defending critical infrastructures, is highly stressful.
These increased stress levels have led cybersecurity professionals to consider leaving the industry altogether, joining in the “Great Resignation,” rather than moving to a new cybersecurity role at a new employer.
Research examined the stress levels among C-levels
Stress is not only felt by security engineers, SOC teams, and pen-testers. Those in the C-levels who often make difficult decisions are also often stressed on how to use available resources more efficiently.
Cybersecurity deep learning provider Deep Instinct, released the Voice of SecOps report, examining the stress levels among 1,000 C-suite and senior cybersecurity professionals.
The research found that 45% of cybersecurity professionals have considered quitting the industry and 46% know at least one person who left cybersecurity altogether in the past year due to stress.
The most commonly reported reasons for stress included the unrelenting threat of ransomware and expectations on analysts to always be on call or available.
Understand and deal with the stressors
You must be able to must understand the nature of stressors (e.g., workload, lack of resources, relationship problems), how they affect you and other people (e.g., negatively impact performance) and learn ways to deal with them effectively.
Expect there will be a lack of resources
Lack of resources is another source of stress in the industry. Especially when it comes to lack of human resources, lack of knowledge, and budgeting for equipment and software solutions.
Even though many organizations recognize the need for increased investment in cybersecurity solutions, budgets are often limited due to other priorities such as marketing campaigns or new product development initiatives that may have a higher priority within the organization’s strategic plan than investing in technology solutions designed specifically for threat detection and mitigation purposes
Learn to say “No” and be disliked for it
For several of the positions you could be in, either penetration tester, security audit, cybersecurity analyst, etc., you must be willing to say no to other people.
You should not allow applications and systems to go live in your environment if they have vulnerabilities or if they are poorly configured. This is something that will block other people’s jobs, and projects and they will probably dislike you for it.
Be prepared for that, but stand your ground and have high ethics and commitment to the work you do.
You are in that position to protect a company’s information, not to please people.
Be willing to work long hours or weekends
Working long hours is highly expected, especially if you are in an operational role like a SOC analyst, an incident responder or a systems/network security engineer.
You cannot leave an incident unresolved and go home, especially if it is a critical one that poses a high risk to the company. Nor will you neglect important alerts you receive and leave them uninvestigated.
Working on weekends is to be expected in several cases, for example when you need to perform maintenance work that cannot be performed during normal working hours.
Balance work and personal life is hard
Cybersecurity professionals have a responsibility to protect the information they handle. This requires constant attention, which can be difficult when there are other responsibilities at home. It also requires constant training, which can be time-consuming.
Traveling and long hours may be expected
The nature of the job may mean that you work long hours and often have little time off, especially if you are working on an incident response team. You will also likely be expected to travel frequently and be able to work around the clock when necessary.
Be willing to squeeze some work hours into your personal life
Many people find it necessary to make sacrifices to maintain a balance between work and personal life. For example, some people sacrifice time with their families to have time at work. Others make sacrifices at work to have time at home. People who find a balance between work and personal life are rare.
You must be willing to squeeze in some time for training, research and troubleshooting in your personal time at home.
Working for a single company until retirement is not the way to go
Even if you get a job at a great company with a good salary, you should consider setting a limit on the time you will be working there.
There is a limit to how much you can learn from just one role
You will not learn everything there is to learn about cybersecurity by sticking to one company and one position.
The cybersecurity domain is huge and has many different roles. If, for example, you stick with a network security engineer position, you wouldn’t know what security audits are about, nor penetration testing.
Companies don’t use all the technologies and security tools available, follow the best practices or have all the correct policies in place. Depending on their needs, they will have specific tools and processes which suit their needs. That is to be expected of course.
What is not expected from you as a cybersecurity professional though, is to have limited knowledge and experience in technologies, tools, and processes.
If you want to have a deeper and wider knowledge of cybersecurity, you should work for several companies and different roles in the field, to gain as much experience and knowledge as you can.
Read more about the top cybersecurity roles in this article.
Diversify your knowledge
Try to establish yourself in a cybersecurity position for a few years and then look for other opportunities to diversify your knowledge and experience in other areas of the cybersecurity industry.
This will make you more valuable, more desirable, and more highly paid than your competitors.
Cybersecurity is great. It is exciting and challenging to be in this line of work but be prepared mentally and physically for what you are about to get into.
Not everyone is cut out for this industry. The same goes for every other industry I guess.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.