7 answers
Lillian
Student
Kokstad, KwaZulu-Natal, South Africa
1
Question
Updated
2608 views
Cyber-security career related questions?
Hi, am wanting to pursue a career in cyber-security. I have a project about interviewing someone in this career, so i wanted to ask some questions.
1. What inspired you to pursue a career in cyber-security?
2. What does a typical day look like in your field?
3. What kind of education or certifications are most valuable in this field?
4. What are the biggest threats or challenges you deal with daily?
5. How do you stay up to date with new security risks and technologies?
6. Can you share a memorable moment when you prevented a breach of security?
7. What soft skills are important in cyber-security, beyond technical knowledge?
8. What misconceptions do people have about cyber- security careers?
9. What advice would you give a student interested in cyber-security?
10. Where do you see the future of cyber-security heading in the next 5 to 10 years?
Login to comment
6 answers
Rob Lowe - CISM, CISA, IRAP
Senior Security Compliance Analyst
2
Answers
Happy Valley, South Australia, Australia
Updated
Rob’s Answer
1. What inspired you to pursue a career in cybersecurity?
I wanted to help protect people online, and since I was already in a security role, cybersecurity seemed like a perfect fit.
2. What does a typical day look like in your field?
I start by responding to emails and inquiries, check on my team's projects, verify security controls, help with security issues, and find ways to improve our processes and support the company.
3. What kind of education or certifications are most valuable in this field?
It depends on the area of cybersecurity and the position level. For entry-level roles, I recommend SANS Security Bootcamp, CompTIA Security+, and introductory cyber courses.
4. What are the biggest threats or challenges you deal with daily?
The biggest challenge is keeping up with fast changes in technology, software, hardware, and security threats. Compliance requirements and recommendations are always evolving.
5. How do you stay up to date with new security risks and technologies?
I follow industry updates from governing bodies and make time to read and understand the latest changes.
6. Can you share a memorable moment when you prevented a security breach?
It wasn't exactly a breach, but I helped identify an issue with a vulnerability scanner in a large organization. With the internal architecture team's help, we found that the scanner wasn't detecting some security updates.
7. What soft skills are important in cybersecurity, beyond technical knowledge?
Social skills and teamwork are crucial. Many problems need collaboration to solve. I've succeeded in my career because decision-makers knew me and trusted my abilities.
8. What misconceptions do people have about cybersecurity careers?
A common misconception is that it's all technical. While some roles are technical, there are also valuable non-technical roles.
9. What advice would you give a student interested in cybersecurity?
Research and attend IT security and cyber networking events. When I started, I spent hours on YouTube learning about different certifications and roles.
10. Where do you see the future of cybersecurity heading in the next 5 to 10 years?
There will be more reliance on AI and automation, and technical roles will become more complex as they deal with a broader range of threats introduced by AI.
I wanted to help protect people online, and since I was already in a security role, cybersecurity seemed like a perfect fit.
2. What does a typical day look like in your field?
I start by responding to emails and inquiries, check on my team's projects, verify security controls, help with security issues, and find ways to improve our processes and support the company.
3. What kind of education or certifications are most valuable in this field?
It depends on the area of cybersecurity and the position level. For entry-level roles, I recommend SANS Security Bootcamp, CompTIA Security+, and introductory cyber courses.
4. What are the biggest threats or challenges you deal with daily?
The biggest challenge is keeping up with fast changes in technology, software, hardware, and security threats. Compliance requirements and recommendations are always evolving.
5. How do you stay up to date with new security risks and technologies?
I follow industry updates from governing bodies and make time to read and understand the latest changes.
6. Can you share a memorable moment when you prevented a security breach?
It wasn't exactly a breach, but I helped identify an issue with a vulnerability scanner in a large organization. With the internal architecture team's help, we found that the scanner wasn't detecting some security updates.
7. What soft skills are important in cybersecurity, beyond technical knowledge?
Social skills and teamwork are crucial. Many problems need collaboration to solve. I've succeeded in my career because decision-makers knew me and trusted my abilities.
8. What misconceptions do people have about cybersecurity careers?
A common misconception is that it's all technical. While some roles are technical, there are also valuable non-technical roles.
9. What advice would you give a student interested in cybersecurity?
Research and attend IT security and cyber networking events. When I started, I spent hours on YouTube learning about different certifications and roles.
10. Where do you see the future of cybersecurity heading in the next 5 to 10 years?
There will be more reliance on AI and automation, and technical roles will become more complex as they deal with a broader range of threats introduced by AI.
Travis Evers
Senior Knowledge Engineer
3
Answers
Vancouver, Washington
Updated
Travis’s Answer
1. What inspired you to pursue a career in cybersecurity?
- Honestly, I stumbled into it by accident after trying to get into networking technology. It turned out to be the best surprise ever.
2. What does a typical day look like in your field?
- I spend my day fixing technical issues, meeting with my team or stakeholders, making presentations, and replying to messages on Slack.
3. What kind of education or certifications are most valuable in this field?
- This is tricky because AI is changing things fast. For now, stick to the basics. Learn how technology works, understand data flow, and know DNS and networking well enough to explain them to someone’s grandma.
4. What are the biggest threats or challenges you deal with daily?
- Technology evolves so quickly. Something you spent months learning might become outdated, and new tech is always popping up. You have to keep learning all the time.
5. How do you stay up to date with new security risks and technologies?
- I do a lot of reading, mainly on Reddit.
6. Can you share a memorable moment when you prevented a breach of security?
- I work on a team that manages technical documents for a support team. We often prevent sensitive information from being accidentally shared, which happens almost daily.
7. What soft skills are important in cybersecurity, beyond technical knowledge?
- Being able to communicate clearly and effectively is key.
8. What misconceptions do people have about cybersecurity careers?
- People think these jobs are always exciting and fast-paced. Sometimes they are, but often it's about updating spreadsheets or making presentations.
9. What advice would you give a student interested in cybersecurity?
- Learn the basics first. Don’t rush into cybersecurity without understanding what it’s all about.
10. Where do you see the future of cybersecurity heading in the next 5 to 10 years?
- It will become even more important as bad actors use AI to find new ways to bypass security.
- Honestly, I stumbled into it by accident after trying to get into networking technology. It turned out to be the best surprise ever.
2. What does a typical day look like in your field?
- I spend my day fixing technical issues, meeting with my team or stakeholders, making presentations, and replying to messages on Slack.
3. What kind of education or certifications are most valuable in this field?
- This is tricky because AI is changing things fast. For now, stick to the basics. Learn how technology works, understand data flow, and know DNS and networking well enough to explain them to someone’s grandma.
4. What are the biggest threats or challenges you deal with daily?
- Technology evolves so quickly. Something you spent months learning might become outdated, and new tech is always popping up. You have to keep learning all the time.
5. How do you stay up to date with new security risks and technologies?
- I do a lot of reading, mainly on Reddit.
6. Can you share a memorable moment when you prevented a breach of security?
- I work on a team that manages technical documents for a support team. We often prevent sensitive information from being accidentally shared, which happens almost daily.
7. What soft skills are important in cybersecurity, beyond technical knowledge?
- Being able to communicate clearly and effectively is key.
8. What misconceptions do people have about cybersecurity careers?
- People think these jobs are always exciting and fast-paced. Sometimes they are, but often it's about updating spreadsheets or making presentations.
9. What advice would you give a student interested in cybersecurity?
- Learn the basics first. Don’t rush into cybersecurity without understanding what it’s all about.
10. Where do you see the future of cybersecurity heading in the next 5 to 10 years?
- It will become even more important as bad actors use AI to find new ways to bypass security.
Sandeep Dogra
TECHNOLOGIST
7
Answers
Bengaluru, Karnataka, India
Updated
Sandeep’s Answer
I'm not an expert in this field, but I've learned a bit from friends who work in cyber-security. Here's what I've gathered:
1. What inspired you to pursue a career in cyber-security? This field combines technology, problem-solving, and the latest tech developments, making it always relevant.
2. What does a typical day look like in your field? It involves investigating problems, improving skills, connecting information, and handling various tasks.
3. What kind of education or certifications are most valuable in this field? A bachelor's degree in computer science or a related field, along with certifications or a master's degree, is valuable.
4. What are the biggest threats or challenges you deal with daily? Facing new challenges and solving complex problems is common. Sometimes finding the root cause is tough, so perseverance is important.
5. How do you stay up to date with new security risks and technologies? By getting hands-on experience, attending training, workshops, seminars, and regularly reading the latest articles.
6. Can you share a memorable moment when you prevented a breach of security?
7. What soft skills are important in cyber-security, beyond technical knowledge? Being able to connect different pieces of information is crucial.
8. What misconceptions do people have about cyber-security careers?
9. What advice would you give a student interested in cyber-security? Focus on developing research, analysis, and analytical skills.
10. Where do you see the future of cyber-security heading in the next 5 to 10 years? It will remain a key area as more companies adopt IT technology, and strong cyber-security is essential for a stable system.
1. What inspired you to pursue a career in cyber-security? This field combines technology, problem-solving, and the latest tech developments, making it always relevant.
2. What does a typical day look like in your field? It involves investigating problems, improving skills, connecting information, and handling various tasks.
3. What kind of education or certifications are most valuable in this field? A bachelor's degree in computer science or a related field, along with certifications or a master's degree, is valuable.
4. What are the biggest threats or challenges you deal with daily? Facing new challenges and solving complex problems is common. Sometimes finding the root cause is tough, so perseverance is important.
5. How do you stay up to date with new security risks and technologies? By getting hands-on experience, attending training, workshops, seminars, and regularly reading the latest articles.
6. Can you share a memorable moment when you prevented a breach of security?
7. What soft skills are important in cyber-security, beyond technical knowledge? Being able to connect different pieces of information is crucial.
8. What misconceptions do people have about cyber-security careers?
9. What advice would you give a student interested in cyber-security? Focus on developing research, analysis, and analytical skills.
10. Where do you see the future of cyber-security heading in the next 5 to 10 years? It will remain a key area as more companies adopt IT technology, and strong cyber-security is essential for a stable system.
Peter Huang
Security consultant
85
Answers
Cupertino, California
Updated
Peter’s Answer
My answers might not be completely accurate since I'm more less a subject mater expert with the data in questions than standard soc analyst
1. What inspired you to pursue a career in cybersecurity? I enjoy solving interesting problems.
2. What does a typical day look like in your field? It varies. Sometimes, I analyze system events to see if they're important. Other times, I set up sensors for data collection.
3. What education or certifications are most valuable in this field? Many people have CompTIA Security+ and CISSP.
4. What are the biggest threats or challenges you face daily? Identifying the source of unusual events and diagnosing them is a big challenge.
5. How do you stay updated with new security risks and technologies? I watch security broadcasts on YouTube and monitor OTX events from sources like AlienVault.
6. Can you share a memorable moment when you prevented a security breach? I can't discuss specific incidents.
7. What soft skills are important in cybersecurity, beyond technical knowledge? Good writing skills are crucial for summarizing incidents and planning next steps.
8. What misconceptions do people have about cybersecurity careers? People often think it's all about catching bad guys, but it involves a lot of work like placing sensors and finding the right tools.
9. What advice would you give a student interested in cybersecurity? Enjoy solving puzzles and develop strong pattern recognition skills.
10. Where do you see the future of cybersecurity in the next 5 to 10 years? Event processing will likely be automated, but building secure systems will remain important.
1. What inspired you to pursue a career in cybersecurity? I enjoy solving interesting problems.
2. What does a typical day look like in your field? It varies. Sometimes, I analyze system events to see if they're important. Other times, I set up sensors for data collection.
3. What education or certifications are most valuable in this field? Many people have CompTIA Security+ and CISSP.
4. What are the biggest threats or challenges you face daily? Identifying the source of unusual events and diagnosing them is a big challenge.
5. How do you stay updated with new security risks and technologies? I watch security broadcasts on YouTube and monitor OTX events from sources like AlienVault.
6. Can you share a memorable moment when you prevented a security breach? I can't discuss specific incidents.
7. What soft skills are important in cybersecurity, beyond technical knowledge? Good writing skills are crucial for summarizing incidents and planning next steps.
8. What misconceptions do people have about cybersecurity careers? People often think it's all about catching bad guys, but it involves a lot of work like placing sensors and finding the right tools.
9. What advice would you give a student interested in cybersecurity? Enjoy solving puzzles and develop strong pattern recognition skills.
10. Where do you see the future of cybersecurity in the next 5 to 10 years? Event processing will likely be automated, but building secure systems will remain important.
Cameron Krug, CPA, CISA
Internal Audit Manager
3
Answers
San Marcos, California
Updated
Cameron’s Answer
1. What inspired you to pursue this career?
Honestly, my path wasn't the typical one. I wasn't the kid in a hoodie trying to hack my school's network. I was always more interested in the "trust" side of the equation. In a world where everything is digital, how do we prove our systems are safe? How do our customers know we're protecting their identity data?
My job in internal audit lets me be at the center of that. I’m motivated by dissecting complex systems to find the cracks before a bad guy does. It's like being a detective, but for business processes and technology risk.
2. What does a typical day look like?
My day isn't about chasing live-fire incidents. It's all about process, risk, and control. It usually breaks down into three buckets:
Planning: I'm figuring out what the highest-risk areas of the company are. For us, that could be our product's development pipeline, how we manage "super-admin" accounts, or our compliance with standards like SOX (Sarbanes-Oxley).
Fieldwork: This is where we start digging in. I'm interviewing VPs and engineers, reading documentation, and, most importantly, testing the controls. For example, I’ll take a sample of 50 employees who left the company and test to make sure their access was really turned off on time.
Reporting: My "product" is the audit report. This is where I have to clearly explain why a gap matters—the "so what?"—and agree on a practical fix with leadership. It’s a lot of meetings, negotiation, and writing.
3. What education or certifications are most valuable?
In my specific corner of the universe—Business Process Audit, IT Audit, and GRC (Governance, Risk, and Compliance)—the "gold standard" is the CPA (Certified Public Accountant) and the CISA (Certified Information Systems Auditor) from ISACA.
Your front-line security folks are going to lean into the CISSP (Certified Information Systems Security Professional) or technical certs (like AWS or Azure). The CPA and/or the CISA or what proves you know how to audit and assess those systems.
Others that are huge in my world are:
CRISC (Certified in Risk and Information Systems Control)
CISM (Certified Information Security Manager)
CIA (Certified Internal Auditor)
4. What are the biggest threats or challenges you deal with?
The front-line SOC team worries about a specific attacker right now. I worry about control failure and process decay over time.
My biggest challenge is making sure our security controls aren't just "shelf-ware"—that they're not just designed well but are actually working every single day. In the Identity world, the big risks I audit for are:
Privileged Access Abuse: Someone with "super admin" keys doing something they shouldn't.
Identity Lifecycle Failures: The process for de-provisioning a terminated employee's access is too slow. This is a classic audit finding.
Misconfiguration: Someone setting up our IAM tool incorrectly, leaving a huge hole.
Elite Insight
But here's the Elite Insight... The real killer isn't a single failed control. It's strategic misalignment. For example, the product team is pushed by Sales to launch a new feature (the business priority) and they accept a security risk that the CISO (the security priority) isn't comfortable with. My job is to find those gaps in governance—where business strategy and risk appetite are out of sync. That's where the real disasters start.
5. How do I stay up to date?
My "threat feed" is a little different. I'm not just watching attacker forums. I'm monitoring:
Regulators: What is the SEC or the PCAOB (for SOX) focused on?
Standard-Setters: I follow updates from ISACA, the IIA (Institute of Internal Auditors), and NIST.
Public Filings: I also find it valuable to read the annual 10-K reports (especially the "Risk Factors" section) of other large tech companies. It tells me what they're publicly worried about, which is a great gut-check for my own risk assessment. Right now, AI governance and supply chain risk are at the top of many lists.
6. Can you share a memorable moment when you prevented a breach?
You've got to remember, auditors prevent breaches indirectly. We find the hole before it's used.
I remember one audit where we were looking at the automated "joiners-movers-leavers" process. We found a logic flaw where an employee moving from a low-risk role (like marketing) to a high-risk role (like database admin) would keep all their old access in addition to their new, powerful rights.
This created "privilege creep," which is a goldmine for an attacker. By finding this, we forced a re-engineering of the process and closed a systemic gap that could have been exploited.
7. What soft skills are important?
I'll be honest, for an auditor, soft skills are at least as important as the tech skills. Maybe more.
Professional Skepticism: This is the art of "trust, but verify." It's asking "how do you know?" and not just taking someone's word for it. You have to see the evidence.
Influencing & Negotiation: Look, you're telling people their process is broken. You have to be able to do that factually, build a case based on risk, and persuade them to fix it without making enemies.
Business Acumen: This is the big one. You have to connect a technical finding to a business risk. "The firewall rule is misconfigured" is a weak finding. "This firewall misconfiguration exposes our customer billing database, which could lead to a breach, regulatory fines, and customer churn" is what gets a VP to take action.
8. What misconceptions do people have?
Hands down, the biggest misconception is that we're the "police." That we're just "check-box tickers" who show up to say "no."
That's not my job. I'm not a roadblock; I'm a partner. A good audit team is basically free consulting. We help the business see its own risks so it can make smarter decisions.
Another one, especially at a tech company, is that security is just the CISO's problem. It's not. Risk is owned by the business. My stakeholders are everyone from a product manager to a sales leader.
9. What advice would you give a student interested in cyber-security?
My advice is always the same: Build a "T-shaped" skillset.
The vertical bar of the "T" is your deep technical specialty. Pick one and get good at it (cloud, identity, network security, whatever).
The horizontal bar is your broad business and communication knowledge. Learn how a business makes money. Learn to write a clear email. Learn to give a presentation.
The purely technical expert hits a career ceiling. The person who can translate technical risk into business impact—that's the person who becomes a CISO or a senior leader.
10. Where do you see the future of cyber-security heading?
From where I sit, the future is clearly about two things: Identity and AI.
Identity is the New Perimeter: The old "castle-and-moat" security model is dead. With cloud, remote work, and mobile devices, there is no "inside" or "outside" anymore. The only thing you can build a defense around is the user's identity. This is Zero Trust. It’s why our company's mission is so critical.
Auditing AI: This is the next mountain to climb. How do we, as auditors, get comfortable that an AI model is fair, secure, and not a "black box" making biased decisions? We can't just "test a sample" anymore. This is the new frontier for audit, risk, and security. The entire industry is investing heavily in frameworks for this, and regulators are right behind them.
Honestly, my path wasn't the typical one. I wasn't the kid in a hoodie trying to hack my school's network. I was always more interested in the "trust" side of the equation. In a world where everything is digital, how do we prove our systems are safe? How do our customers know we're protecting their identity data?
My job in internal audit lets me be at the center of that. I’m motivated by dissecting complex systems to find the cracks before a bad guy does. It's like being a detective, but for business processes and technology risk.
2. What does a typical day look like?
My day isn't about chasing live-fire incidents. It's all about process, risk, and control. It usually breaks down into three buckets:
Planning: I'm figuring out what the highest-risk areas of the company are. For us, that could be our product's development pipeline, how we manage "super-admin" accounts, or our compliance with standards like SOX (Sarbanes-Oxley).
Fieldwork: This is where we start digging in. I'm interviewing VPs and engineers, reading documentation, and, most importantly, testing the controls. For example, I’ll take a sample of 50 employees who left the company and test to make sure their access was really turned off on time.
Reporting: My "product" is the audit report. This is where I have to clearly explain why a gap matters—the "so what?"—and agree on a practical fix with leadership. It’s a lot of meetings, negotiation, and writing.
3. What education or certifications are most valuable?
In my specific corner of the universe—Business Process Audit, IT Audit, and GRC (Governance, Risk, and Compliance)—the "gold standard" is the CPA (Certified Public Accountant) and the CISA (Certified Information Systems Auditor) from ISACA.
Your front-line security folks are going to lean into the CISSP (Certified Information Systems Security Professional) or technical certs (like AWS or Azure). The CPA and/or the CISA or what proves you know how to audit and assess those systems.
Others that are huge in my world are:
CRISC (Certified in Risk and Information Systems Control)
CISM (Certified Information Security Manager)
CIA (Certified Internal Auditor)
4. What are the biggest threats or challenges you deal with?
The front-line SOC team worries about a specific attacker right now. I worry about control failure and process decay over time.
My biggest challenge is making sure our security controls aren't just "shelf-ware"—that they're not just designed well but are actually working every single day. In the Identity world, the big risks I audit for are:
Privileged Access Abuse: Someone with "super admin" keys doing something they shouldn't.
Identity Lifecycle Failures: The process for de-provisioning a terminated employee's access is too slow. This is a classic audit finding.
Misconfiguration: Someone setting up our IAM tool incorrectly, leaving a huge hole.
Elite Insight
But here's the Elite Insight... The real killer isn't a single failed control. It's strategic misalignment. For example, the product team is pushed by Sales to launch a new feature (the business priority) and they accept a security risk that the CISO (the security priority) isn't comfortable with. My job is to find those gaps in governance—where business strategy and risk appetite are out of sync. That's where the real disasters start.
5. How do I stay up to date?
My "threat feed" is a little different. I'm not just watching attacker forums. I'm monitoring:
Regulators: What is the SEC or the PCAOB (for SOX) focused on?
Standard-Setters: I follow updates from ISACA, the IIA (Institute of Internal Auditors), and NIST.
Public Filings: I also find it valuable to read the annual 10-K reports (especially the "Risk Factors" section) of other large tech companies. It tells me what they're publicly worried about, which is a great gut-check for my own risk assessment. Right now, AI governance and supply chain risk are at the top of many lists.
6. Can you share a memorable moment when you prevented a breach?
You've got to remember, auditors prevent breaches indirectly. We find the hole before it's used.
I remember one audit where we were looking at the automated "joiners-movers-leavers" process. We found a logic flaw where an employee moving from a low-risk role (like marketing) to a high-risk role (like database admin) would keep all their old access in addition to their new, powerful rights.
This created "privilege creep," which is a goldmine for an attacker. By finding this, we forced a re-engineering of the process and closed a systemic gap that could have been exploited.
7. What soft skills are important?
I'll be honest, for an auditor, soft skills are at least as important as the tech skills. Maybe more.
Professional Skepticism: This is the art of "trust, but verify." It's asking "how do you know?" and not just taking someone's word for it. You have to see the evidence.
Influencing & Negotiation: Look, you're telling people their process is broken. You have to be able to do that factually, build a case based on risk, and persuade them to fix it without making enemies.
Business Acumen: This is the big one. You have to connect a technical finding to a business risk. "The firewall rule is misconfigured" is a weak finding. "This firewall misconfiguration exposes our customer billing database, which could lead to a breach, regulatory fines, and customer churn" is what gets a VP to take action.
8. What misconceptions do people have?
Hands down, the biggest misconception is that we're the "police." That we're just "check-box tickers" who show up to say "no."
That's not my job. I'm not a roadblock; I'm a partner. A good audit team is basically free consulting. We help the business see its own risks so it can make smarter decisions.
Another one, especially at a tech company, is that security is just the CISO's problem. It's not. Risk is owned by the business. My stakeholders are everyone from a product manager to a sales leader.
9. What advice would you give a student interested in cyber-security?
My advice is always the same: Build a "T-shaped" skillset.
The vertical bar of the "T" is your deep technical specialty. Pick one and get good at it (cloud, identity, network security, whatever).
The horizontal bar is your broad business and communication knowledge. Learn how a business makes money. Learn to write a clear email. Learn to give a presentation.
The purely technical expert hits a career ceiling. The person who can translate technical risk into business impact—that's the person who becomes a CISO or a senior leader.
10. Where do you see the future of cyber-security heading?
From where I sit, the future is clearly about two things: Identity and AI.
Identity is the New Perimeter: The old "castle-and-moat" security model is dead. With cloud, remote work, and mobile devices, there is no "inside" or "outside" anymore. The only thing you can build a defense around is the user's identity. This is Zero Trust. It’s why our company's mission is so critical.
Auditing AI: This is the next mountain to climb. How do we, as auditors, get comfortable that an AI model is fair, secure, and not a "black box" making biased decisions? We can't just "test a sample" anymore. This is the new frontier for audit, risk, and security. The entire industry is investing heavily in frameworks for this, and regulators are right behind them.
Timiebi Barabara
1
Answer
Enugu, Nigeria
Updated
Timiebi’s Answer
Cyber-Security Career Interview
1. What inspired you to pursue a career in cyber-security?
I’ve always been fascinated by technology and problem-solving. During college, I took a course on computer networks and learned how easily systems could be compromised if not properly secured. That realization sparked my interest. I wanted to be part of the solution helping people, companies, and even governments protect sensitive data and maintain trust in digital systems.
2. What does a typical day look like in your field?
No two days are ever the same, which keeps things exciting. On a regular day, I monitor security alerts, review logs for suspicious activity, and ensure our systems and firewalls are up to date. I also conduct vulnerability assessments, apply security patches, and sometimes respond to incidents if a potential breach occurs. A good part of my day also involves documentation and meetings to plan security policies with other departments.
3. What kind of education or certifications are most valuable in this field?
A degree in computer science, information technology, or cyber-security provides a strong foundation. But certifications are equally important, they demonstrate hands-on skills and credibility. Some of the most respected ones include CompTIA Security+, Certified Ethical Hacker (CEH), CISSP (Certified Information Systems Security Professional), and Certified Information Security Manager (CISM). Continuous learning is essential because threats evolve daily.
4. What are the biggest threats or challenges you deal with daily?
The biggest challenge is that cyber threats are constantly changing. Hackers are always finding new ways to exploit systems, especially through phishing attacks, ransomware, and social engineering. Human error is another major issue, even the most secure system can be compromised if an employee clicks on a malicious link. Keeping users educated and systems updated is a daily battle.
5. How do you stay up to date with new security risks and technologies?
I read cyber-security blogs, follow threat intelligence reports, and participate in online communities like Reddit’s /r/netsec or professional groups on LinkedIn. I also attend security conferences and take refresher courses regularly. Staying current is part of the job, if you fall behind, you become vulnerable.
6. Can you share a memorable moment when you prevented a breach of security?
One memorable case was when our system detected unusual login attempts from multiple global locations within a few minutes. I immediately initiated a lockdown on all admin accounts and traced the IP addresses to a known malicious network. It turned out to be a coordinated brute-force attack. Because we acted quickly, no data was lost and the attackers were blocked before they gained access.
7. What soft skills are important in cyber-security, beyond technical knowledge?
Communication is huge. You need to explain complex issues to non-technical people clearly, especially when presenting risks to management. Teamwork and attention to detail are also vital, one small oversight can lead to a big problem. Problem-solving and critical thinking help you analyze incidents effectively and make fast, informed decisions under pressure.
8. What misconceptions do people have about cyber-security careers?
Many people think it’s just about “hacking” or sitting in front of a computer coding all day. In reality, it’s a very diverse field that involves policy-making, training, analysis, and even psychology , understanding how people behave online. Another misconception is that you need to be a math genius or have decades of coding experience. While technical skills help, persistence, curiosity, and a willingness to learn are far more important.
9. What advice would you give a student interested in cyber-security?
Start by building a strong foundation in computer networks and operating systems. Learn the basics of how the internet works. Then practice, there are great free resources and platforms like TryHackMe or Hack The Box to develop your skills legally. Don’t be afraid to start small, and get involved in local cyber-security groups or online competitions. Stay curious, ethical, and always keep learning.
10. Where do you see the future of cyber-security heading in the next 5 to 10 years?
The future will focus heavily on artificial intelligence, cloud security, and data privacy. As more devices connect to the internet, from cars to home appliances, the attack surface keeps expanding. We’ll also see more emphasis on cyber resilience rather than just prevention, meaning systems will be built to recover faster from attacks. The demand for skilled professionals will continue to grow globally.
1. What inspired you to pursue a career in cyber-security?
I’ve always been fascinated by technology and problem-solving. During college, I took a course on computer networks and learned how easily systems could be compromised if not properly secured. That realization sparked my interest. I wanted to be part of the solution helping people, companies, and even governments protect sensitive data and maintain trust in digital systems.
2. What does a typical day look like in your field?
No two days are ever the same, which keeps things exciting. On a regular day, I monitor security alerts, review logs for suspicious activity, and ensure our systems and firewalls are up to date. I also conduct vulnerability assessments, apply security patches, and sometimes respond to incidents if a potential breach occurs. A good part of my day also involves documentation and meetings to plan security policies with other departments.
3. What kind of education or certifications are most valuable in this field?
A degree in computer science, information technology, or cyber-security provides a strong foundation. But certifications are equally important, they demonstrate hands-on skills and credibility. Some of the most respected ones include CompTIA Security+, Certified Ethical Hacker (CEH), CISSP (Certified Information Systems Security Professional), and Certified Information Security Manager (CISM). Continuous learning is essential because threats evolve daily.
4. What are the biggest threats or challenges you deal with daily?
The biggest challenge is that cyber threats are constantly changing. Hackers are always finding new ways to exploit systems, especially through phishing attacks, ransomware, and social engineering. Human error is another major issue, even the most secure system can be compromised if an employee clicks on a malicious link. Keeping users educated and systems updated is a daily battle.
5. How do you stay up to date with new security risks and technologies?
I read cyber-security blogs, follow threat intelligence reports, and participate in online communities like Reddit’s /r/netsec or professional groups on LinkedIn. I also attend security conferences and take refresher courses regularly. Staying current is part of the job, if you fall behind, you become vulnerable.
6. Can you share a memorable moment when you prevented a breach of security?
One memorable case was when our system detected unusual login attempts from multiple global locations within a few minutes. I immediately initiated a lockdown on all admin accounts and traced the IP addresses to a known malicious network. It turned out to be a coordinated brute-force attack. Because we acted quickly, no data was lost and the attackers were blocked before they gained access.
7. What soft skills are important in cyber-security, beyond technical knowledge?
Communication is huge. You need to explain complex issues to non-technical people clearly, especially when presenting risks to management. Teamwork and attention to detail are also vital, one small oversight can lead to a big problem. Problem-solving and critical thinking help you analyze incidents effectively and make fast, informed decisions under pressure.
8. What misconceptions do people have about cyber-security careers?
Many people think it’s just about “hacking” or sitting in front of a computer coding all day. In reality, it’s a very diverse field that involves policy-making, training, analysis, and even psychology , understanding how people behave online. Another misconception is that you need to be a math genius or have decades of coding experience. While technical skills help, persistence, curiosity, and a willingness to learn are far more important.
9. What advice would you give a student interested in cyber-security?
Start by building a strong foundation in computer networks and operating systems. Learn the basics of how the internet works. Then practice, there are great free resources and platforms like TryHackMe or Hack The Box to develop your skills legally. Don’t be afraid to start small, and get involved in local cyber-security groups or online competitions. Stay curious, ethical, and always keep learning.
10. Where do you see the future of cyber-security heading in the next 5 to 10 years?
The future will focus heavily on artificial intelligence, cloud security, and data privacy. As more devices connect to the internet, from cars to home appliances, the attack surface keeps expanding. We’ll also see more emphasis on cyber resilience rather than just prevention, meaning systems will be built to recover faster from attacks. The demand for skilled professionals will continue to grow globally.