What a career in cybersecurity is like today

My friend asked me about this because he is contemplating a new career in cybersecurity. I’m sharing my response here:

There are good and bad things about a career in cybersecurity. Good in that there are a lot of jobs out there if you understand the tech. Bad in that it’s a lousy career. You’ll have job security, but if you do a great job, nobody cares because nothing happens — the best thing that can happen to you is you don’t get fired. And then people are always trying to cut corners in security, because it’s so nebulous. You have to fight to get something done properly, and people will resist you the whole way because it just costs money and few understand. And then if something goes wrong they blame you.

It’s also very difficult to learn. There are multiple layers in security — cryptography/math/algorithms, applied cryptography — knowing how and when to use the algorithms, protocols, workflow procedures, compliance, standards — etc. Knowledge that come from a lot of experience — almost impossible to find guidance in a book. Some books go into the tech, but they usually overload you with so many technical details it’s hard to follow unless you love that stuff, which I don’t.

I’m not sure where you should start, but first think about what you really want. It’s not an exciting career unless you get lucky and rapidly move up to a senior position, but even then the job is a fucking pain in the ass, spending most of your time trying to get people to do things they don’t want to do and sorting through unbelievable amounts of irrelevant bullshit to find out what’s really happening and what needs to get done. But I do like the job security, and I get paid well for not that much work.