Whether you’re contemplating a career in cybersecurity or have already started down the path, it’s helpful to get a reality check from someone who’s worked in the field. This ebook offers some frank observations to prepare you for what you can expect.
From the ebook:
Cybersecurity is glamorous only in the movies
Hollywood rarely depicts cybersecurity accurately. I’m surprised and pleased if a movie so much as references the concept of an IP address. Most of the time “busting hackers” is made to look intriguing and cool, and cybersecurity pros are depicted at an almost James Bond level of brilliance and sophistication.
Sadly, the reality of cybersecurity is less about catching criminals red-handed through a fiendishly clever trap and more about the daily drudge work. Watching someone combing through logs, applying patches, attending training, and reading security advisories would hardly sell a movie ticket.
Automation is key
It’s essential to learn and apply whatever centralized controls you can use to enact security changes, such as locking down vulnerabilities and patching systems. Relying on Group Policy Objects, configuration management tools like SCCM or Puppet, and even simple bash scripting to execute a “for” loop will save hundreds of hours over the course of your career. These methods will also operate more effectively than manual human intervention, reducing the risk of error or mishap.
You can never test enough
Before rolling out any security-related changes, always thoroughly test them in an environment as similar to your live production environment as possible. Some of these changes can be vastly complex and lead to unexpected results.
For instance, disabling the antiquated TLS (Transport Layer Security) 1.0 protocol can lead to issues with older SQL databases, and the connection between the change and the resulting problem might not be immediately evident. Thoroughly analyze the results for both users and systems when applying changes in a test environment.