nah, don't worry. These companies are run by people who have trouble setting up WhatsApp. Once they patch a vulnerability that was exploited, they think they're fine. Until it happens next time. Then some bloke gets fired because he failed to do his job (according to management, even if they ignore all of his warnings) and the cycle begins again. I've kinda been there already.
My problem is I don't know what problem to solve lol. I tend to think of my skills first and then think of what I can solve, but I always feel like I can't do crap without coding. So I'm learning Python. The pace of keeping up can consume you, especially any social life. It's tough. Fuc*, everything is so expensive too, can't lose my job. Sometimes I think about leaving the country. Idk how people survive nowadays. Alright, gotta get back to work. Good vid. Happy Friday.
You need to learn python, then once you get it add javascript+SQL+html+css (fullstack web dev) because everything on the web is just that. Then later add c++ for strong typing and memory management. Then master bash and linux. Spend most of your time learning python first and getting good at it, because once you get it, learning any new language will take you half the time. You'd be able to code pretty much anything learning these languages. And yes it takes time, but at a pace of just one hour per day you'd be done before the end of the year.
A few months ago I was hired as a security analyst at a big manufacturing company. We’re constantly looking at cyber company’s to outsource. These cyber companies have successfully integrated AI to do red team work and then it shows you vuln alerts based off the severity in your specific network. It’s cool, but I feel it’s pushing the cyber scope for everyone to focus on a complex defensive side- a job that involves employees who know the ins-and-outs of the network, not new hires unless their past experience was in a similar environment. I’m grateful the company took me in to teach me, but I fear there’s a chance that a shift is happening where company’s only want defensive architects who sit high above the majority on the learning curve
The market has been over saturated for years now. Same with programming jobs. If an expert with years of experience is having trouble finding work then I think it’s safe to say you will be pressed to find work too
I don’t know if I agree with this. I know lots of companies that are struggling with headcount because they see cyber as a cost. They simply don’t want to properly fund the teams.
@AJ3000_ The bean counters at these large companies will pay via Black Cat cyber hackers. Look at the current situation with Ascension Health hospital system. Their main hospital charting computer system got hack and it's causing devastating hardship with the staff and patients.
Dont worry; As they lay off and exclude people with skills they will turn to black hat and the cycle will begin again with armies of black hats getting past low budget security and a sudden realization that they need more white hats.
Black hats be becoming the unsung heroes yet again, representing a stark reminder of how valuable having tons of professionals in the field is (under constant lay offs happening 😂)
Good thoughts and I agree with what you said in the video. I got my B.S. degree in Cybersecurity last August and the job market for entry level applicants was not forgiving even though I had previous IT experience. I decided to get my Masters in DFIR while I'm in the job search process. I am currently applying to positions that I am qualified if not overqualified for and have not gotten any interviews from private companies. I hear some employers say they struggle to find people, but it is also a two-way street. The company is never going to find the "perfect" applicant and I feel there are some unrealistic expectations in the cybersecurity field. Personally if I was to hire, I would want someone who is passionate, wanting to learn, and have a damn good work ethic to pick up on things quickly. Technical skills can always be learned. But, those are my values and may not be a hiring manager's.
Unfortunately in the security space a Masters doesnt carry much weight. If its backed by certs like SANS etc. that can be a different story - but industry is usually after something specific... its just a shame that the hiring managers arent transparent about it.
@@pinkmilk356Also depends on hiring manager and team culture. Some jobs require bachelors, masters, PHD or no degree at all depending on job function and level of job. I agree that a masters may not be necessary. However finishing a masters these days out of a college is advisable considering how high the skill and knowledge talent is coming from Asia. Work achievements , education, certifications and work collaboration personality are areas we could focus on to help land the right job. I have CISSP and cannot say for sure if that helps. It introduced me to field of security broadly that is for sure. If job solely depends on skill review then no. Basically it depends on the hiring process and each is unique. Good luck to those seeking IT security path. Take the ethical stance in security field. Trust is paramount and knowing what is untrusted in data is important.
I went from intern with a coding background to enterprise level admin. No Helpdesk experience, no certs, only a few cyber related classes in my degree (mostly coding). My internship started as an assistant vulnerability manager with the intention of taking over the program. Our zero trust guy was the other vulnerability manager. He left for another job and I became the manager of both while finishing my masters. When I converted to salary I became the sme (I’m no sme) for three different platforms…. zero trust, cloud security, on prem security. I got extremely lucky or unlucky, I’m not sure yet. The imposter syndrome is real and I know it won’t got away for another few years. Most of my success so far has been due to my team and the vendor support I get from the platforms. I was simply at the right place at the right time.
Applied for an hour just now just to see Junior Cyber Threat Analyst role ask for BS, 3+ years experience, active clearance. Looked at helpdesk positions asking for similar requirements. I have home projects and a associates in cybersecurity xd
apply bro, you don't need to check off all their boxes. It all comes down to how you sell yourself during the interview process. I had the same resume as you at one point and eventually found something.
I've just happened upon your video and it's resonated with me big time... I'm an IT veteran for 20+ years in technical, project and developmental roles... and the landscape has changed so much. I've gone back to study, doing certs and just trying to keep a positive attitude but it's rough out there - but I'm not alone and I thank you for your wise words!
Thanks for the insight. I'm focusing on learning my stack for the long term, right now its web development with javascript and rust. Eventually I will put more focus on bug bounties along side DEV SEC OPS. For myself, I feel learning web development is more important than certifications. I think it will provide me with more opportunity. Sometimes I worry about imposter syndrome and my age, but I have to remind myself that I'm doing it all for enjoyment, and not to be this best or to know it all.
My team had already implemented a few AI solutions when I joined around a year ago, but they were relatively grounded in their approach and I was happy about that. Here in the last 1-2 months I've noticed a pretty clear change in direction that heavily favors buying new AI solutions over, say, hiring a Subject Matter Expert in the same area. So I think I'm basically on the same page as you regarding thoughts on AI. I get it, cyber is a cost center and solid AI tools can dramatically lessen the burden on a team's budget. But still, it kind of feels brutal. Just another thing standing in between the entry-level workforce and landing that first job.
This situation isn't unique to cybersecurity. It's the same situation across all industries. Doesn't matter if it's software engineering, cyber security, or stacking shelves in a shop.
I quit my pursuit working in Cyber Secruity this month. I started taking courses Cyber Security in Dec 2023 - Feb 2024. I passed the Comptia Security+ and started applying for jobs. From Feb - May 2024, I applied for all types of jobs including, security analyst, penetration tester, IT specialist, and help desk. I got no job interviews and received many rejection emails. I am changing careers into healthcare., If getting a job in cyber security is this difficult for people with years of experience, I am not in a better position.
@@TheTricky75 Not that much. I have experience in software development. The problem with experience is that every company has their own particular cyber security software they use. So If you learned how to use Kali Linux and the companies you apply for don't use Kali Linux, you will mostly likely not get the job. Also, not every person in cyber security comes from a tech background so they probably won't have experience from the beginning.
@@soundmute I get it , I feel the more you come from SWE the higher your chances in cyber. You did software development so you were a Swe ? That's interesting , and how long were you in the cyber sec field in total ?
You started the wrong way. The comptTia cert won't get you anywhere and don't get into helpdesk. Stay away from helpdesk. Start with the beginner Palo Alto firewall certification. Learn everything you can about those firewalls. You will get a job that pays well and you will move up fast. Palo Alto firewall certs will get your foot in the door. From there you can explore other IT security domains. But at least the firewall cert will get you a good paying foot in the door job.
I do enjoy the ramblings and thought process your going through especially when your in the field Im currently transitioning into cyber, seems that most of the jobs lost are coming from tech companies themselves, could be wrong keep up the good work videos Just watched the course on the Zeus malware cool
Yeah I don't know what to think. At one point i hear people say its highly competitive field but then I see what i happening at my work where it took them 6 months to find the right candidate who ended up leaving for a management position within 2 weeks of being hired. I'm actually now trying to make a department transfer to the open position now to see if I can get my foot in the door.
Are cyber college graduates getting hired? No, they are not. Companies are *not* hiring entry-level cyber graduates. The cyber career is dead unless you join the military. I'm advising college students to consider a career in the medical field instead of IT.
That’s unfortunate I’m switching from medical to Tech and so far have had much success. Every road is different my friend and in my area it’s booming with tech jobs atm
@edselsledge2940 Where is your area? The internet is full of people stating they can't even get IT interviews. If your city and state are booming, let us know where.
My thing is that I'm unable to reconcile the apparent need with the difficulty. The things that you talk about make it seem like there's no hope for getting in, yet it's juxtaposed with weekly news articles and emails about major breaches from governments, corporations and personal entities alike. Do I step in or not? I've never gotten mixed signals from an industry before, feels just like dating
I’m about to graduate with a bachelor’s in cyber, and I would advise you and others to avoid this industry like the plague. Dedicate your time elsewhere, where you can see a direct benefit for your efforts.
I hear you. No other industry requires this much prep work and still not be able to land a job. Teacher shortage? They had expedited programs so you can get your license and be in the classroom in a year. They are asking for so much..degree, Certs, projects, labs etc and that doesn't guarantee a damn thing.
I left a comment about my story and came to a similar conclusion. I basically said AI is taking over us analysts and definitely pentesters too. Leading most open positions will be high level consultants who can implement the defensive measures and GRC’s too
Layoffs in software development, software engineering, web development, mobile development, cybersecurity, data analysis, game development, and so on. All these industries and more in tech are laying people off left and right. Surge in AI, high inflation, and overhiring during the pandemic caused all of this.
Stay versatile. Continue to learn and adapt to the new technologies, methodologies and frameworks. What you learn cannot be taken from you and can be leveraged severely in your career
I only got the job I have now because of who I knew. I did get my degree and a ton of certs so I was qualified. But the job market is crap, imo. I don’t encourage others to get into it. It’s not an easy field to get into and I think money seems to be the primary drive to get into the field. If you actually want to do it and you are willing to sacrifice a lot, then do it. Your video just confirms what I have been experiencing and I agree we all need to continually develop and learn new skills in order to maintain relevancy in this field.
Some cyber career pointers for these times.. You'll find people gravitate back towards Defence and Government (public sector) as the private sector feels the pressure. For my people just getting into the indudstry, think about getting some work experience with a tech role in Defence or elsewhere in public service (if your country offers it). Get skills/quals and then get out after a few years for $$ if you want too. People higher -> focus on private companies that service government as their 'security' is usually mandated or public service themselves. Hunting forward operations are becoming more of a thing.. what im trying to say is that the work is hella interesting.. Good luck out there!
This kinda thing is why my bachelors was in "Information Technology" rather than specifically CyberSec, as things seems to be constantly changing and id rather be able to pivot with certs after getting the paper that says I have my basics out of the way
Hey man I’m in a IT degree program but am unsure if I should do my concentration in cybersecurity, software development or data analytics… I think cybersecurity sounds cool but seeing many people on here and elsewhere saying the bar for entry is high I might pass. They are really just electives at the end of the day (on top of the core courses).
@@therealmcgoy4968 not only is the bar considered high, but the job market is constantly changing and as far as ive been seeing online, CyberSec specifically is not growing as much anymore and some places are doing CyberSec layoffs
What is your career? Three years? Cybersecurity market is still booming and experts still in high demand? Cybersecurity jobs are not about university degree. It is all about what you can do!!!
I do tell people this, in an article i read this month the white house is looking to train people into cyber professional basically also hiring on skillset than certs/degrees
AIs are perfect for this type of work. Imagine if instead of having antivirus and intrusion detection software you had humans inspecting files and network traffic. You will have companies that will train the AIs and load them with all the zero days, tricks and best practices and let them get to town on enterprise networks. This works both for offense and defence/auditing etc.
@@davidm9001 Yea I see. The people who know the most about automotive cyber security are the auto makers themselves and their contractors that make the software on the car.
@@davidm9001there’s lots of things you can’t learn from a book, doesn’t mean it’s not possible or that’s there’s not thousands of others out there who’ve figured it out 👍 it’s not gate keeping lol
cyber sec was an add on just a little hobby on top of something else from the beginning of machine software & hardware, the last decades it was changed from that to an academic movement whereas candidates are studying it hoping for a job at the end, but the world is constantly shifting these academic programs can't compete anymore to fulfil the need of the market, so it will get back again to be just an add on. for example, having a data science degree + the interest of collecting data to create a security template is now worth the value of lots of cyber sec candidates you got it RIGHT?
Right now I'm working towards my B.S. in Cyber Operations. Honestly, I'm extremely scared. Scared it's going to be a huge waste of time and I'll never find any work, or that I'm going to have to spend the next 10 years just to get an entry-level position. That said, this is where I want to be and hoping that that tides change. I have to trust that things will change and that even though it may take hard work, I'll land on my feet. For me, the biggest question is where to put my focus and time right now. Yes, I am working towards my B.S. and want to remain focused on that, but what else should I do with my time? Should I be trying to work towards an A+ and Net+ degree so I can try to get a help desk position somewhere? If so, then that means I can't work and have to rely on my partner to help me get through this period in time until I can get a help desk job until I finish my degree. The alternative is to get a regular-ass job and focus on my degree, but then that runs the risk that I may not have any basic experience in the tech field to try to get an entry-level cybersecurity job, and so then I'd have to at that time work towards getting the help-desk job in order to eventually get an entry-level cyber job years down the road. Honestly feeling lost and unsure what to do with my time.
Here’s what you do, go straight to applying for the help desk positions right now. I worked at my university IT help desk while studying cyber. My degree forced me to get an IT internship too. If you can’t get a job with your college then either look locally or remotely, I guarantee there’s something out there looking for plenty of IT help desk employees. Once you do land that job, don’t waste time and see if you can get an internship in your field. All year long you can get in touch with companies to plan for a summer internship. Seems most interns usually turn into a full time down the road. Spending time getting work experience is better than studying for additional degrees or certs IMO. Certs are good but I wouldn’t say that’s the first go-to for someone new looking at an entry level
I feel you here! I've got another 2 years myself and have tried to look for internships but the market is not giving me any chances. I decided it would be a good idea to start with the Sec+ and started a path to study the cert over the next few months. If I were you, study the material for A+ and net+ just so you have that solid knowledge base (If you feel you need to get one of the certs after then go for it for sure. But base it off of your thoughts on the matter!) and build a homelab in your spare time so you can get a bit of hands on (it can be virtual, you don't gotta use hardware for it!) Also TryHackMe or HackTheBox is great for hands on learning. We have to build skills as that is what is going to set us apart in this world. Also I'm going to agree with some of the other comments here. Any internship or job is going to be better than nothing in the field. I'm holding a retail job and am trying to career shift into this field and is looking like a rough ride for me. After college I'm going to try for the AFCS internship when I get my degree. If I can get in then I'll land some much needed experience along with a good job in the field. All worthwhile stuff to look into!
Switch to a career in the medical field. Nursing, physician assistant, PT, OT... My son has a BS in Cyber and can't even get an interview for a help desk job.
Great video however I work as a systems analyst focusing on hybrid and cloud technolgoies. I've been in the industry for over 20 years smart companies have always done more with less the entire landscape of technology changed with virtulization. Infrastructre teams went from being large to just a couple analysts.
Bro you are the first one concerned here! You need to get the OSCP and CEH certs and other on demand certs in case you lose your job. It will be impossible for you to find a job if you lose the one you have because you are lazy.
Don't worry, layoffs in tech is nothing new. It's been going on for a decades. As long as you have the skills that are in-demand, you'll always have the opportunity to challenge yourself and grow. Better yet, you can always move into government contracting and make serious $$$. Stay on top of your game, and don't be a afraid to pivot when you can.
companies only care to get past compliance and standards, nothing much and more. @ my work i reported we have a small isolated network with EOL firewall that has been un supported by a vendor since five + years . And i told numerous times in POAM that e-waste needs to be replaced ASAP despite its isolated network. " Oh we have different layer of security " that was a reply
Thank you so much for this video I am so new to all of this just now finishing the Google Cyber security certificate though it was good I still have much more to learn especially when it comes to hands on experience. I would love to connect with someone and learn from them
I've been in appsec for 10 years and feel so behind in everything new coming out every day. I have major imposter syndrome recently and the anxiety from that is driving me mad.
funny how cyber security is to prevent scams, but a lot of cyber courses are scammy that cyber wannabes fall for. so how can cyber students prevent themselves from being scammed? you tell me lol that's the #1 problem to solve right now
I'm so confused. I love Cybersecurity but I don't want to sacrifice my time and money to a dead end. Is there a high demand or not? Why won't they develop entry level candidates? I was also considering dental hygienist just so I'm guaranteed a decent job but i love Cybersecurity more.
It’s liability over compliance costs. You need to start to look at MSP or Cybersecurity firms specifically. In general you need to diversify into networking/sales/ and support
The more I watch your videos, the more I feel like you don’t say anything of substance. A 7.5 minute video and what did I gain from watching this exactly?
No. I’m using it but AI doesn’t deploy workloads in our department for safety reasons and security. It is merely a co pilot/assistance for complicated problems that have not been tried before. Requires prompting skills via multiple iterations to get AI to output correctly. AI not actually deploying the work unless user integrates AI response securely to work loads via a copy n paste method.
This video could’ve been a “how to be a $$$,$$$ hacker in 30 days” video, Grant is giving us knowledge about the trajectory of the cybersecurity industry. How you move forward is up to you.
I think also it’s all the people being told to go to school for cybersecurity but also for computer science/ IT (myself included) this def has any helping the co petition for these jobs.
it’s unwise to pick security as the specific goal in college. it’s niche, and even in government it’s contracted to implement business rules with falcon and McCafe(tm) and with a couple peeps 🐥 to do maintenance.
Are you serious???? Skilled cyber security people are always needed. There are many impostures into the field. They have been attracted by money without them working on their skills. I disagree with you.
