Cyber security is a challenging and rapidly growing field. It’s also one of the most in-demand professions out there. If you’re looking for a career that’s both interesting and challenging, cyber security is a great choice.
So, is cyber security fun? Cyber security is a fun career choice when you are looking at ways to stop cyber attacks, by assessing the security posture of networks, systems and services. Dealing with new threats and forensic investigation can also be rewarding, as you learn to understand security measures to mitigate these threats.
When you have an authoritative role in cyber security, it can be fun: you are making decisions about cyber security strategy, policy and security tools, and assessing the security posture of an organization’s networks and systems to make sure they provide protection against existing and new threats.
In non-authoritative roles, like working as a cyber analyst on incident response for example, cyber security can become tedious and frustrating, as you are having to deal with threats and attacks. These roles generally involve working longer hours and dealing with stress, as you are proactively dealing with incidents as and when they happen, and this can include unsociable hours.
The cyber security field is growing rapidly, and many people are interested in pursuing a career in this exciting and important area. Overall, a career in cyber security can be rewarding, as you are constantly learning about new threats and attacks that hackers are trying to use. This keeps you engaged in your work and, depending on the cyber security role you are doing, can provide many intrinsic benefits.
Most people I know who work in cyber security would say yes, cyber security can be fun. They enjoy the challenge of protecting computer networks from attack and working to keep data safe. They also find the field interesting and stimulating, with new challenges popping up all the time.
Cyber security has allowed me to work in a position where I’m reviewing and assessing the security designed to protect against cyber attacks. I spend a lot of time looking at the proposed security tooling being advocated in the designs and solutions I’m reviewing.
This includes looking at whether the perimeter is being protected by the appropriate ingress and egress security controls, like intrusion detection systems (IDS) and intrusion prevention systems (IPS), through to measures to protect against distributed denial of service (DDoS) attacks.
If it’s new applications being developed or migrated, I look at the security of the applications to make sure they have the required security protections in place, like measures to protect against Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) type attacks.
I really enjoy my role, especially the mix of infrastructure and application security across traditional data centers and cloud environments like Amazon’s AWS, Microsoft’s Azure and Google’s Cloud Platform (GCP).
I also look at the overall vulnerability management of systems and services, from virtual machines to containerized workloads running on Kubernetes clusters. All of this work I find fascinating, as not only was I looking at protecting my employer from cyber attacks, but the technology involved in some instances was cutting edge.
For me, working with cutting edge technology is amazing, as it allows me to see how these new technologies are evolving to fight against hackers and attackers.
Of course, like any other career, there are downsides to working in cyber security. There can be long hours and high stress levels, especially if you are working in incident response, as a high priority incident can demand a lot of effort and time to deal with.
This is especially so when there is an active cyber breach happening and steps must be taken to quickly cut off any access to the hacker, before they can steal any valuable corporate information or maliciously damage any systems and services.
Some roles in cyber security are not always fun. In fact, they can be quite tedious and boring at times. I’ve been fortunate to have avoided these roles as I didn’t start off in an entry-level cyber security role. I came across from the solution architecture space and took my architectural skills and applied security to it.
It can be difficult to keep up with the ever-changing landscape of cyber threats, but for those who love a good challenge and are fascinated by technology, a career in cyber security can be both rewarding and enjoyable, meaning a lot of fun.
Cyber Security Analyst – Incident Response
The cyber security analyst role where you are proactively dealing with cyber attacks, I would say, can be the most stressful and tedious role. Many people I know who have done this type of role say it’s not at all fun doing it.
This is especially so when you are involved in multiple ongoing incidents, having to deal with cyber attacks, as these can happen at any time during the day and night. Having to work unsociable hours, outside of normal working hours, during the night and at weekends, can take the fun out of cyber security.
That being said, when everything goes smoothly and you manage to thwart an attack or prevent a data breach, it can be very rewarding and satisfying. It’s also a very exciting field to work in, as new threats are constantly emerging, and you never know what you’ll encounter next.
In one of my previous roles, we had a major incident, and the Major Incident Management (MiM) process was put into place, where we had a dedicated incident manager, several cyber security analysts and project managers.
Whilst I was able to leave the incident when it was 5pm, the rest of the people involved had to carry on working until there was some sort of resolution, or the security risk had been reduced to a level where the threat to the organization was minimized.
Generally, shutting off the affected service would be one way to reduce the risk, as this would then stop the service being attacked and it would also give the people involved in the incident response time to look at how to fix the service’s security failings.
However, in the incident I was involved in, there was a dire need to keep elements of the service working, whilst shutting down other parts that could be analyzed. After the analysis was completed, measures could be taken to put into place remediations, to minimize the security risk or to remove the risk completely.
Cyber Security Analyst – Threat Intelligence
When new threats are discovered, it’s important to make sure steps are taken to protect against these new threats. This is where the Cyber Security Analyst involved in threat intelligence comes into play.
The cyber security analyst looks at the threats to understand how these threats are exploited and then looks for any countermeasures, that is, any mitigations that can be employed to deter these threats.
Some threats may have a simple fix like a patch, for example the OpenSSL Heartbleed vulnerability that left hundreds of thousands of websites open to attack. Once a patch was available, the adoption of the patch required immediate attention.
Cyber security analysts would have looked at how vulnerable their organization was to this attack, what measures could be taken to limit the attack whilst the patch was being developed and the coverage of the patch once it was finally released.
I am regularly in contact with the threat intelligence teams where I work, as I need to know what new threats they are aware of and what mechanisms they are using to let the rest of the organization know of any imminent threats.
For example, one of the major threats I deal with is associated with credit card skimming infections called Magecart attacks. The threat intelligence team can provide vital threat intelligence to alert on domains that have been infected by the Magecart malware.
This quickly allows my employer to respond by removing any links to these domains, thereby protecting themselves against these skimming attacks. Generally, I advocate not using third-party domains for JavaScript files, as these are more likely to be infected by Magecart malware and we have no control over how these third-party sites are updated. But sometimes the organization accepts the risk of using third-party sites and introduces compensating controls like vulnerability scanning to minimize the threats.
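The check described above, as an added example that is not from the original article: a Python audit of a page's `<script>` tags against a threat-intelligence domain list. The hostnames, the sample page and the Subresource Integrity (SRI) check are assumptions added here; SRI goes slightly beyond the text as one further compensating control.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: hypothetical first-party host and threat-intel feed.
FIRST_PARTY = "shop.example.com"
FLAGGED_DOMAINS = {"cdn.skimmer.example"}

# Constructed checkout page, not taken from any real site.
SAMPLE_PAGE = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.skimmer.example/lib/analytics.js"></script>
<script src="https://widgets.partner.example/chat.js"></script>
<script src="https://static.vendor.example/pay.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</head><body></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collect (src, has_integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], bool(a.get("integrity"))))

def audit_scripts(html, first_party, flagged):
    """Return findings for third-party script includes, worst first."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, has_sri in parser.scripts:
        # Relative URLs have no hostname: they load from our own origin.
        host = (urlparse(src).hostname or first_party).lower()
        if host == first_party:
            continue
        label = "THIRD_PARTY_SRI" if has_sri else "THIRD_PARTY_NO_SRI"
        # Match the flagged domain itself and any subdomain of it.
        if any(host == d or host.endswith("." + d) for d in flagged):
            label = "FLAGGED"
        findings.append((label, host, src))
    order = {"FLAGGED": 0, "THIRD_PARTY_NO_SRI": 1, "THIRD_PARTY_SRI": 2}
    return sorted(findings, key=lambda f: order[f[0]])

if __name__ == "__main__":
    for label, host, src in audit_scripts(SAMPLE_PAGE, FIRST_PARTY, FLAGGED_DOMAINS):
        print(f"{label:20} {host:28} {src}")
```

A `FLAGGED` finding is a link to remove immediately; `THIRD_PARTY_NO_SRI` marks includes whose content can change without the site noticing.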
Cyber Security Analyst – Forensics
Once a breach has occurred, steps must be taken to ensure it doesn’t happen again as well as finding out what happened during the breach and what was taken or even damaged. It’s important to take note of what’s happened so it can’t happen again, as any organization repeatedly ending up being attacked for the same thing is quite worrying.
This is where a cyber security analyst involved in forensics comes into play, and these jobs can be very rewarding and a whole load of fun, as it’s more like a game where you need to find out how the hacker breached the organization and managed to get inside.
The analyst also needs to find out what they took, from corporate information like secret board meeting notes and plans to information about employees, customers and even credit card details. Knowing what was taken is very important, as sometimes the authorities need to be notified, and failing to do so could lead to being punished through large fines and penalties.
Sometimes, the hacker doesn’t steal anything; they merely want to destroy the infrastructure and the information stored by the victim organization. In these instances, the cyber security analyst will need to determine what was destroyed and whether sufficient backups, resilience and recovery measures were in place.
Lateral movement is one area where organizations that are savvy enough put in measures to reduce how far an attacker can move across the organization once they have breached it. Having network segmentation, with firewalls separating the networks, is the first step in ensuring that attackers find it difficult to traverse the organization’s network.
Otherwise, having no separation, resulting in what is called a flat network, will allow the attacker to easily move across the whole of the organization’s network, getting access to areas where there is sensitive information, like customer and employee details, including names, addresses and credit card details.
Red Teams vs Blue Teams
Another interesting area of cyber security is the Red Team and Blue Team set up across many of the larger organizations. These teams are set up to act offensively and defensively at threat management.
The Red team members are offensive, that is, they are looking for weaknesses in the security posture of the organization which can be exploited by attackers and hackers. The Blue team members are defensive, and are geared up to deal with the potential Red team attacks.
Being a member of either team can be a fun way to work in cyber security, as not only are you learning and understanding new threats and how to deal with them, but you are also working in a way that is both fun and immensely rewarding.
I’ve worked with both red and blue teams during their exercises and been amazed at how these teams can work in a way that ends up increasing the protection an organization has against cyber threats and attacks.
Bottom line
Cyber security can be fun depending on the role you are working in, as some roles are much more rewarding than others. From personal experience, those cyber security roles where you are acting in an authoritative capacity, whereby you are making decisions, are the ones where the most fun can be had.
Whilst those roles, where you are literally at the coal face, having to deal with cyber attacks and threats, in an incident scenario, are probably the least fun. Typically, these roles are the cyber security analyst ones dealing proactively with cyber attacks.
The Cyber Security Analyst roles can cover incident response, threat intelligence and forensics, and each of these roles is different, from the ways of working to the value the employee gets. The threat intelligence and the forensics roles tend to be the most rewarding and thereby the most fun.
So, if you’re looking for an interesting and challenging career that offers the opportunity to make a real difference, cyber security may be just what you’re looking for.