5 answers
1
Question
Asked
550 views
As someone interested in pursuing a career in cyber-security, I'm curious about what daily work actually looks like. Do cyber-security professionals typically work alone or as part of a team How are tasks usually assigned, do they involve long-term projects that last for months, or are there more short-term, fast-paced assignments? I’d like to understand what the workflow and collaboration style is like in this field. #Spring25?
I'm a senior in high school and planning to major in computer science or cybersecurity in college. I really enjoy math-related classes like Pre-Calculus, Algebra, and Robotics, and I’m good with technology. I also like programming, building robots, and playing video games in my free time.
As someone interested in a cyber-security career, I'm wondering what the actual work environment is like. Do professionals in this field usually work on teams or more independently? Are cyber-security projects typically long-term (spanning months) or more short and fast-paced? I’d love to understand what a typical workflow looks like in this field.
Login to comment
5 answers
Updated
Teklemuz Ayenew’s Answer
Working in cybersecurity offers a great mix of teamwork and individual tasks. In big companies, like Security Operations Centers (SOCs), you'll often be part of a team, which means lots of support and shared knowledge. In smaller companies, you might work more independently, giving you a chance to shine and take on various responsibilities.
There are many exciting roles in cybersecurity, such as Security Analysts, Ethical Hackers, Security Engineers, Incident Responders, and Security Researchers. Depending on where you work and your role, you might collaborate closely with others or tackle tasks on your own. The timelines for projects can vary, too. Quick tasks, like handling an incident, might take just a few hours or days, while bigger projects, such as upgrading security systems, can span years.
Every day in cybersecurity brings new challenges and opportunities. You might monitor systems for threats, check logs, investigate unusual activities, and respond to incidents. You'll also get to analyze malware, find root causes of issues, run penetration tests, and perform security audits. Other important tasks include fixing vulnerabilities, managing firewalls, updating security protocols, and ensuring everything meets standards. You'll document your work, stay updated on new threats, and might even lead training sessions to help prevent future problems. Dive in and enjoy the journey—good luck!
There are many exciting roles in cybersecurity, such as Security Analysts, Ethical Hackers, Security Engineers, Incident Responders, and Security Researchers. Depending on where you work and your role, you might collaborate closely with others or tackle tasks on your own. The timelines for projects can vary, too. Quick tasks, like handling an incident, might take just a few hours or days, while bigger projects, such as upgrading security systems, can span years.
Every day in cybersecurity brings new challenges and opportunities. You might monitor systems for threats, check logs, investigate unusual activities, and respond to incidents. You'll also get to analyze malware, find root causes of issues, run penetration tests, and perform security audits. Other important tasks include fixing vulnerabilities, managing firewalls, updating security protocols, and ensuring everything meets standards. You'll document your work, stay updated on new threats, and might even lead training sessions to help prevent future problems. Dive in and enjoy the journey—good luck!
Matthew L. Tuck, J.D., M.B.A.
CEO/Managing Attorney, Greater Detroit Area
73
Answers
Updated
Matthew L.’s Answer
Hi Nicolas.
Great question. And cybersecurity is a great field to get into. I'll try to answer your many questions here.
A computer science/coding background is a great way to get into cybersecurity. So what is 'cybersecurity. The term "cybersecurity" is a broad term that encompasses a lot of different career paths. At a very basic level, cybersecurity professionals are tasked with being the first line of defense against cyberattacks. Cyberattacks are computer-based attacks launched against individuals, companies, and even entire countries. Attacks by cyberhackers are constantly working to get past computer security measures so they can steal valuable data, like personal photos, credit card numbers, bank account information, social security numbers, passwords, and secret company information. Cybercriminals then sell or use the data or may send a ransom demand seeking money or other payment (often Bitcoin) to get the data back or to purchase an encryption key to unlock the data that has been encrypted. These data breaches can be personally devastating and, in the case of a business, can cripple the business. Upward of 50% of businesses that suffer a successful cyberattack never recover and have to close.
This is a great field to get into because, as of this writing, there are over 3.5 million unfilled jobs in the cybersecurity field. Most of them pay very well. The jobs discussed in this post pay quite well from a low of about $75,000 per year to over $180,000 per year, depending on the region of the country.
So what types of jobs are there in cybersecurity? Here are just a few:
- Penetration Testing - Penetration testers constantly test computer networks (usually for businesses or government agencies) for holes that cyberhackers can exploit to get at the data.
- Forensic Analyst - Forensic analysts typically come in after a breach to analyze the problem and figure out what happened, what was taken, and how to plug the hole. Forensic analysts often work in connection with litigation or a criminal investigations.
- Identity and Access Control Manager - These individuals are tasked with constructing secure onsite and cloud network environments. Their role is manage data, manage authorized access and block unauthorized access to confidential material. They work with developers to validate network users' IDs and maintain network security.
- Cloud Consultant - These are experts who assist organizations with their internet-based services and systems. They commonly analyze client data and then determine the best solution for the client's security and storage needs in the cloud. Some cloud consultants even write custom code to make the system run properly.
- Security Engineer - Security engineers develop security and data software to help protect data from theft and other crimes. They also analyze systems, construct firewalls, and handle penetration testing.
- Network Security Engineer - These individuals design, inspect and maintain secure computer networks. They act as monitors search out network vulnerabilities and locate and eradicate threats.
- Risk Manager - Cyber risk management is the ongoing process of diagnosing and handling an organization's cyber threats. They examine a computer network and then evaluate the network by comparing its setup and features to best practices in the industry to assess the risk posed to the data that lives on that network. They audit policies and procedures to make sure they are adequate to protect the network.
- Chief Information Security Officer (CISO) - This individual is an executive who is very high up in an organization. He or she is charged with managing the systems, software and support staff for an organization. These individuals are very important to the data security of an organization and some CISO's have salaries above $500,000 per year.
- Software Architect - These individuals create and launch new software or software program features. They are security experts who typically manage a team of software programmers ensuring that the software works and is secure. They tend to be very good coders because they are charged with evaluating and often debugging the code written by others.
My own work as an attorney has often involved cybersecurity. My business clients often suffer cybersecurity attacks. The role I play is to help respond to the attack by connecting my victimized client with a cybersecurity expert to get into the computers, analyze what happened with special software, repair the damage if possible, and then plug the hole that the cybercriminal into the system in the first place.
So, how do you become a cybersecurity expert? If you like software and computers and like to constantly learn new things, it may be a great career choice. There are cybersecurity degree programs at colleges and universities. There are different options like an associate's degree (2 years), a bachelor's degree (4 years), master's degree (usually 2 more years beyond the bachelor level) and even doctorate programs, which take several years beyond the masters level.
A quicker alternative if you are good with computers can be the various certifications available, which don't require a degree. Many cybersecurity jobs require these certifications. Some common entry level certifications are: CompTIA Security+, Certified Information Systems Security Professional (CISSP), offered by the ISACA (Information Systems and Audit and Control Association) .
The International Association for Privacy Professionals (IAPP) also offers several respected certifications, including the CIPP/US (Certified Information Privacy Professional specializing in U.S. rules), the CIPM (Certified Information Privacy Manager).
These non-degree certifications require extensive study and passing an exam and can take from a few weeks to over a year to prepare for.
One other fantastic aspect to the cybersecurity profession is that much of the work can be done remotely from anywhere in the world with an internet connection.
As to your other questions, most cybersecurity professionals work as part of a team of some kind. They either manage an IT department or team, manage a team of software coders, or work as part of a team responding to an incident. A typical day, in my experience working with these individuals, is they may have meetings (maybe a lot of meetings), projects to work on, and reports to prepare. There are individual cybersecurity consultants who may specialize in one area and who may work alone more often.
As to the projects they can work on, they may be long-term or shorter-term, depending on their areas of expertise and what type of organization they work for. A software coding project or large software installation project, for example, can last years. A forensic expert responding to a single intrusion may only last for a few days or weeks, depending on the severity and what the client wants him to do.
There are a lot different specialties within the field. The best way to figure out which one suits you is to get a job or internship with a company or cybersecurity firm. You can meet with and talk to folks actually in the field. There are also tons of free and low cost training materials on-line. Kahn Academy, Google and many of the big universities have courses on cybersecurity. If you are not sure you want to pursue a degree, start with one of the easier certifications. See how you like the study guides. Then pass he test and start looking for a job. You do self-study or take a formal class, depending on how you learn best.
Talk to schools that have cybersecurity programs. Admission counselors will have great information on the job market, best areas to specialize in and financial aid.
This is an exciting field that is growing like crazy and will do so for many years to come. You can make a great salary as a cybersecurity professional. If you couple a cybersecurity certification with a business or law degree, you will have even more opportunities. Companies pay well for this because cybersecurity is a mission-critical role. If the data is not secure, the very life of the company is at risk and company owners know this. So they hire the best people and pay well if you're good at your job and have the training.
Good luck!
Explore your options on-line. Visit schools and talk to people in the industry.
See what area of the field appeals to you (software, network management, forensic analysis) and pursue that.
Try to get a job in the field or even an unpaid internship to get a feel for what these folks do on a daily basis.
Network like crazy to meet people in the business. Your connections may have the a tip for your next job.
Great question. And cybersecurity is a great field to get into. I'll try to answer your many questions here.
A computer science/coding background is a great way to get into cybersecurity. So what is 'cybersecurity. The term "cybersecurity" is a broad term that encompasses a lot of different career paths. At a very basic level, cybersecurity professionals are tasked with being the first line of defense against cyberattacks. Cyberattacks are computer-based attacks launched against individuals, companies, and even entire countries. Attacks by cyberhackers are constantly working to get past computer security measures so they can steal valuable data, like personal photos, credit card numbers, bank account information, social security numbers, passwords, and secret company information. Cybercriminals then sell or use the data or may send a ransom demand seeking money or other payment (often Bitcoin) to get the data back or to purchase an encryption key to unlock the data that has been encrypted. These data breaches can be personally devastating and, in the case of a business, can cripple the business. Upward of 50% of businesses that suffer a successful cyberattack never recover and have to close.
This is a great field to get into because, as of this writing, there are over 3.5 million unfilled jobs in the cybersecurity field. Most of them pay very well. The jobs discussed in this post pay quite well from a low of about $75,000 per year to over $180,000 per year, depending on the region of the country.
So what types of jobs are there in cybersecurity? Here are just a few:
- Penetration Testing - Penetration testers constantly test computer networks (usually for businesses or government agencies) for holes that cyberhackers can exploit to get at the data.
- Forensic Analyst - Forensic analysts typically come in after a breach to analyze the problem and figure out what happened, what was taken, and how to plug the hole. Forensic analysts often work in connection with litigation or a criminal investigations.
- Identity and Access Control Manager - These individuals are tasked with constructing secure onsite and cloud network environments. Their role is manage data, manage authorized access and block unauthorized access to confidential material. They work with developers to validate network users' IDs and maintain network security.
- Cloud Consultant - These are experts who assist organizations with their internet-based services and systems. They commonly analyze client data and then determine the best solution for the client's security and storage needs in the cloud. Some cloud consultants even write custom code to make the system run properly.
- Security Engineer - Security engineers develop security and data software to help protect data from theft and other crimes. They also analyze systems, construct firewalls, and handle penetration testing.
- Network Security Engineer - These individuals design, inspect and maintain secure computer networks. They act as monitors search out network vulnerabilities and locate and eradicate threats.
- Risk Manager - Cyber risk management is the ongoing process of diagnosing and handling an organization's cyber threats. They examine a computer network and then evaluate the network by comparing its setup and features to best practices in the industry to assess the risk posed to the data that lives on that network. They audit policies and procedures to make sure they are adequate to protect the network.
- Chief Information Security Officer (CISO) - This individual is an executive who is very high up in an organization. He or she is charged with managing the systems, software and support staff for an organization. These individuals are very important to the data security of an organization and some CISO's have salaries above $500,000 per year.
- Software Architect - These individuals create and launch new software or software program features. They are security experts who typically manage a team of software programmers ensuring that the software works and is secure. They tend to be very good coders because they are charged with evaluating and often debugging the code written by others.
My own work as an attorney has often involved cybersecurity. My business clients often suffer cybersecurity attacks. The role I play is to help respond to the attack by connecting my victimized client with a cybersecurity expert to get into the computers, analyze what happened with special software, repair the damage if possible, and then plug the hole that the cybercriminal into the system in the first place.
So, how do you become a cybersecurity expert? If you like software and computers and like to constantly learn new things, it may be a great career choice. There are cybersecurity degree programs at colleges and universities. There are different options like an associate's degree (2 years), a bachelor's degree (4 years), master's degree (usually 2 more years beyond the bachelor level) and even doctorate programs, which take several years beyond the masters level.
A quicker alternative if you are good with computers can be the various certifications available, which don't require a degree. Many cybersecurity jobs require these certifications. Some common entry level certifications are: CompTIA Security+, Certified Information Systems Security Professional (CISSP), offered by the ISACA (Information Systems and Audit and Control Association) .
The International Association for Privacy Professionals (IAPP) also offers several respected certifications, including the CIPP/US (Certified Information Privacy Professional specializing in U.S. rules), the CIPM (Certified Information Privacy Manager).
These non-degree certifications require extensive study and passing an exam and can take from a few weeks to over a year to prepare for.
One other fantastic aspect to the cybersecurity profession is that much of the work can be done remotely from anywhere in the world with an internet connection.
As to your other questions, most cybersecurity professionals work as part of a team of some kind. They either manage an IT department or team, manage a team of software coders, or work as part of a team responding to an incident. A typical day, in my experience working with these individuals, is they may have meetings (maybe a lot of meetings), projects to work on, and reports to prepare. There are individual cybersecurity consultants who may specialize in one area and who may work alone more often.
As to the projects they can work on, they may be long-term or shorter-term, depending on their areas of expertise and what type of organization they work for. A software coding project or large software installation project, for example, can last years. A forensic expert responding to a single intrusion may only last for a few days or weeks, depending on the severity and what the client wants him to do.
There are a lot different specialties within the field. The best way to figure out which one suits you is to get a job or internship with a company or cybersecurity firm. You can meet with and talk to folks actually in the field. There are also tons of free and low cost training materials on-line. Kahn Academy, Google and many of the big universities have courses on cybersecurity. If you are not sure you want to pursue a degree, start with one of the easier certifications. See how you like the study guides. Then pass he test and start looking for a job. You do self-study or take a formal class, depending on how you learn best.
Talk to schools that have cybersecurity programs. Admission counselors will have great information on the job market, best areas to specialize in and financial aid.
This is an exciting field that is growing like crazy and will do so for many years to come. You can make a great salary as a cybersecurity professional. If you couple a cybersecurity certification with a business or law degree, you will have even more opportunities. Companies pay well for this because cybersecurity is a mission-critical role. If the data is not secure, the very life of the company is at risk and company owners know this. So they hire the best people and pay well if you're good at your job and have the training.
Good luck!
Matthew L. recommends the following next steps:
Updated
Patrick’s Answer
Cybersecurity is a lot like other jobs, with both short and long term projects. Short term projects might involve fixing a serious data breach or creating a phishing test for company employees. Long term projects could mean checking out new cybersecurity suppliers. This involves talking with them about what their solutions offer, choosing the right ones, and eventually launching them into the network. Companies like CrowdStrike, Palo Alto Networks, and Okta are just a few of the big names you might need to look into. I suggest exploring all the different suppliers and their solutions. It's a great way to start learning about the industry. Good luck! Cybersecurity is a growing field with lots of exciting opportunities.
Updated
Mike’s Answer
Wow, there's so much great advice on what the cybersecurity world is like!
Here's a friendly tip: try checking out local chapters of professional organizations. Groups like ISSA and ISACA often have regular meetings and share their contact info. You can reach out and maybe attend some events. Many of these meetings welcome students, offering free lunches, interesting presentations, and a chance to meet people in the field. You might even get a chance to shadow someone and see what their work is like.
This could open doors to internships or even jobs. You never know!
Good luck with your future career!
Consider reaching out to local professional organizations in Cyber Security.
Here's a friendly tip: try checking out local chapters of professional organizations. Groups like ISSA and ISACA often have regular meetings and share their contact info. You can reach out and maybe attend some events. Many of these meetings welcome students, offering free lunches, interesting presentations, and a chance to meet people in the field. You might even get a chance to shadow someone and see what their work is like.
This could open doors to internships or even jobs. You never know!
Good luck with your future career!
Mike recommends the following next steps:
Edmond Momartin ☁️
Public Cloud Security & Compliance AT&T | MBA InfoSec | OWASP-LA Board
99
Answers
Updated
Edmond’s Answer
I commend you for asking a question and providing so much detail. That shows you already have good written communication skills.
Cybersecurity is a very broad field - sometimes touching disciplines that might not seem to be related, so my suggestion is first spend some time and read through the "Explore Cybersecurity Career Options" section of https://niccs.cisa.gov/education-training/cybersecurity-students - the page provides a great overview of all available areas in cybersecurity.
The answer is - it depends. All require a mix of team work and independent activities but the levels vary, some are short-term, some require months, years to conclude (e.g. cyber crime investigations). So pick one that you feel best fits your non-cyber skills, talent, and aptitudes.
Cybersecurity is a very broad field - sometimes touching disciplines that might not seem to be related, so my suggestion is first spend some time and read through the "Explore Cybersecurity Career Options" section of https://niccs.cisa.gov/education-training/cybersecurity-students - the page provides a great overview of all available areas in cybersecurity.
The answer is - it depends. All require a mix of team work and independent activities but the levels vary, some are short-term, some require months, years to conclude (e.g. cyber crime investigations). So pick one that you feel best fits your non-cyber skills, talent, and aptitudes.