Cybersecurity is Overhyped (it's not reality as a career) 

90% of cyber security is convincing other people why they shouldn't be dumb. The other 10% is convincing yourself you're not dumb.

I totally agree. I was "influenced" that you need to know kali linux, wireshark, Splunk in order to get into the cyberspace. I literally had blinders on for a year thinking I need to be technical. People say you need to know your OSI model - yes you should know your OSI model, if you're in a department that needs it. I just obtained an Internship, and it is the complete opposite of what influencers envision cybersecurity. Cybersecurity as a whole is the protection of a service or organization which means a lot of meetings, collaborating with different teams, thinking bigger picture, and projecting where your company will go. There are departments like an internal / external SOC, Triager, IR, CTI. These departments do exist - but do not think that these are the only ones. In fact, these are a few of many inner pieces of a company. I just wanted to shed some light. To people getting in, dont limit yourself with the technical stuff. YES they are good passion projects to show companies that you are interested in the field, but don't go thinking that is exactly what you'll be doing for your 1st job. If you've applied for a specific job (i.e SOC) and want to look at network packets all day as your first "entry" job - the chances are slim. Same for certifications - whatever influencer you follow that told you to get sec+, CCNA, A+ are right. However, know that certification does not equal job ready. Maybe (CCNA is), but for the most part HR just put that in as a requirement. I have my Sec+ and so far, I haven't actually implemented the terminology into my workday. Be open, be communicative, and be willing to learn. Thats all I have to say. Keep grinding, keep applying, but know that cybersecurity is more than just technical red teaming. rant over yall

Wow, what a disappointment! I thought I'd be dressed in all black, wearing high speed hi-tech comm gear, breaking into a highly secured building in the dead of night to hack the file system of a high value target and then being extracted off the roof via a helicopter. Back to the drawing board for me.... But in all seriousness, I'm glad you addressed this Grant because a lot of what I see presented in the field is the red team "rah rah" attack/pentester side of things. Personally, I'm more intrigued by working in a SOC as a malware analyst. Those video views are far less juxtaposed to the red team content for sure!

CISO checking in. "Cybersecurity" these days is a very broad term and is more than just hacking which seems to be what most of this video is targeting. There is security risk and compliance, third party risk, security operations, security architecture, security engineering, devops security engineering, just to name a few outside of hacking. It is challenging field but who wants a brainless and easy job? The pay is high and one can often work remotely. There aren't enough people in the industry. It's an excellent field. The threats are always evolving.

If I could give advice to myself when I joined Tech, I would say 2 things. The first is, every company is different. The way your first company configured a domain controller, or collected logs, ran table top exercises etc: doesn't necessarily mean it was done the best/right way. It was done in a way that solved a problem for them at the time. Rarely in technology departments are systems designed long term, they are usually designed because of an urgent need. Learn to live and die by best practice, but understand there is times when that isn't going to fly. There is never a time to tell someone I told you so. The second lesson I would tell myself, is when in meetings with people who instill confidence, and clearly know what they are talking about, double your focusing on listening. Just don't wait for your turn to talk. Try to understand the concepts, ask questions, and be dialed in. There is a lot of nuances in cyber security that you can only understand if you are really dialed in every single day.

Programming is exactly the same. Everyone thinks it's ping-pong tables and free lunch, but there is a huge emphasis on project management and people skills. Those skillsets are more important to your job security than being a great programmer.

As an engineering student in a much different domain but interested in computers and security in his free time I have to say I really appreciate your realistic approach. I’m just sick of flashy overhyped content going after clicks with buzzwords. So thank you for the videos Grant

Well said Grant, a good dose of reality to the people who are wanting to get into Cyber.

A lot of “cyber security” is just company IT policy and enforcement. It pays well if you work for the DoD and have certificates.

I'm working an internship this summer in InfoSec and I've been shocked at how little college has prepared me for the real world in InfoSec, you learn the basics of all the tools and Linux and all that in school which is all essential and very good to know, but once you get there you end up just using vendors and enterprise level tools that you've never heard of that do a lot of the dirty work for you unless you are a pen tester or red team...even then there are red team tools out there that automate testing your security controls. But one of the big aspects I've never heard of in InfoSec until I got a job in IS, is threat intelligence and threat hunting, before this job I had minimal if any knowledge on what that's all about. Though if I'm being honest it's really intriguing.

Yes buddy i even so i was searching for proper content from past 5 years when i was in 10th grade but 80 percent of videos are just focused on hype .

This is so true, my masters classes were pretty much Kali Linux all day long and when I got to corporate they told me that's only available up north in DC area and a small part😤. Needless to say I was disappointed. But it's all good. Live and learn

You're transparency and humility just earned my subscription. Gracias amigo!

Take the CISSP to really understand what a mile wide, inch deep means. Red teaming is 1% of the overall cyber ecosystem.

"You work with people". I really dont see how this could be used as a disadvantage of cyber security when I can count on my hand the number of jobs where you never interact with people. Classic "water is wet".

Great content all around! My favorite part of this video is you taking accountability for "almost" falling into the false marketing approach as well. I agree with everything you said. Some "known" content creators are not doing a good enough job of properly guiding individuals that wish to enter the space. And those that are - lack the viewership they deserve.

Trust me when you're in a security consulting company doing all types of assessments, Pentesting, Red Teaming, Purple Teaming, you really won't get much time to research. You mostly get a 50 hours assessment. The only time you get to do some research is during the downtime. If you are good at what you do and you put in effort to learn new stuffs and if you actually manage to break into the industry, you can do most of these things. And yes reporting is one of the most important things when it comes to consulting.

I knew your channel was worth subscribing to, thank you for your honesty, time, and effort.

found your channel 1 video ago, this is my 2nd and I'm so happy that I found you :D I love the quality of your video content and your philosophy or approach to things, especially the perspectives.

Just a few months ago I got a security engineer job and it did also open my eyes to how the day to day really is on a higher level. I agree with every bit and you hit some very good points. SOC work is fun to me with analyzing incidents and even finding ways to automate on a SOC level. But with my engineer role I find it way more fun and pleasing building infrastructure and tools rather than the glorified pen tester side. I believe people need to find there NAC in what they like within the umbrella that cybersecurity is.

I work in cybersecurity and I have little to no technical skills or knowledge. But I can write, speak well and make problems understood by executives.

Agreed. Red team is a very small sector of the cyber landscape. Accurate representation is necessary.

Such an important message. Thank you!

Hahahaahha the thumbnail had me dying. I often get called out on my perplexed faces when troubleshooting some stuff, this is so accurate it hurts 😂

Step 1: Get job in cyber security. Step 2: Watch out for the hype. Step 3: Ride the hype.

My girl has been in cyber security for years. She's a higher up now makes tons of cash and can't write a single line if code. Coding is not needed for this role in reality.

Well.. I've been a truck driver for 12yrs and currently getting a cert through ISC2. I'm not sure how far that will get me, but it's a start. Really hoping I grow in this field. I want this, bad

What do you think of Fullstack academy? Im going through a 12 week bootcamp for cybersecurity. I was told it was like basic networking, coding, some pentetration( if i spelled that right), and cyber analyst. I just hope its worth getting certifications, im still new and learning the cybersecurity broad world, i think what i really want to do in the cyber world is investigation type cybersecurity. Anyone have any advice? Edit: nevermind. I feel discouraged because now I don’t know what to look for and do in terms of certifications and schooling. If the job doesn’t entail what I’ve learned then whats the point?

so do you NOT recommend getting into cybersecurity?

2 main areas: Defensive and offensive. Like an R6S game. Attacking an area (offensive) while being like a server. Defensive, penetration testing to test your defensive. The also in defensive, building your DNS or strengthening your proxy to prevent people penetrating into your servers or what ever you are protecting.

Thank you soo much this video helped me making a big choice in my future job

I kind of figured that there was a lot of bull with the way some people presented cybersecurity. At my age I am just wanting to do something where I can make a living with what is between my ears a bit more than having a strong back. A back that isn’t so strong anymore. The investigation part is what seems neat to me. Tracking the bad actors to their den that and taking them down is more like what I have done in the past just with a swat team and not a keyboard. That and after being a Paramedic for 30 years I want a desk job.

You're probably the only youtuber that uses the most realistic video thumbnails.

I agree. Behind the glamor is a lot of hard work and frustration. Many days that have nothing exciting at all.

It's hilarious that Collin's youtube page wallpaper is him doing "ls" on his duo monitor.

Hey i really need to know maybe its off topic. I àm getting into networking and cloud computing. Is there growth in networking jobs? I really just spent a ton of money on a course

Thank you soo much , highly appreciated

Video stopped moving @1:22 Hacked.

Hey Grant Just came across your channel and I'm a big fan of your realistic approach. Im a beginner with absolutely no knowledge of IT or Tech and I'm considering a career in Chinese. Do you have a course that I can follow?

Hey guys should i get my ccna or just forget about it?

Any advice to break into this career?

This is a good message for people. Thanks

So is it worth going through with these degree program grant? like WGU and Purdue global?

Can you mention which online sources to follow

Very good video it has been a long time since i saw your video

12 hour a day entry level Cyber employee here. Spot on

I got my first security job about a year ago and it is a lot different than what I thought it was going to be but I do enjoy it but I'm mainly doing patch management fun lol

I literally love the thought of sitting all day doing tedious work. I'm weird but it's what I'm looking forward to and hoping for. I am stating to feel better that my chances of getting that type of work in the beginning are good

A few years ago I worked in IT for a small company. A few months in we hired a Cyber security guy and he ended up sitting next to me in our cubicle department so I would witness his daily life. Really great guy but boy, was he stressed out every day. He was up every night getting paged for cyber alerts on our systems. Then he would come into the office and the head of our IT would constantly pull him into meetings with execs, engineers, Dev ops guys. Then he would be slammed throughout the day with tickets for systems needing patches, compliance updates. So much bullshit. He ended up leaving after about 5 months to a better shop but it def made me realize cyber security is not a fun job.

Thanks very insightful

Sorry a bit off topic, but would anyone mind to share some YT channel or persona or maybe some sort of Writeups that focusing on Blue Teaming? Thanks in advance

I got the idea to make a career out of computers because of cybersecurity, but the more I got into it, the more I realized I didn't like using things in their non-intended way, I enjoyed creating things and fixing things back to their original intention. Have a nice career in IT now and learning little bits of Javascript as well.

Can you give an honest assessment on WGU to see if its worth time? All my searching and I cannot see if it full teaches a person what they need.

Just found your channel through YT suggestion...glad it did. So, I've been doing IT stuff for the better part of 20 years and I can see the 'overhypeness' of CyberSecurity for sure. I cannot count how many times I've heard people complain about not understanding why they even need to understand fundamentals and when can they start hacking all the things. Everyone wants to hack everything, no one wants to spend the many hours writing SOPs. 😆 Love the work.

Totally agree with you, today there's plenty of areas within cybersecurity where people can work in without knowing it all. Also agreeing on the BS, I'm super tired of companies trying to sell me another snake oil solution, while you have amazing FOSS projects that do the same for free. I love two statements in your video: security is also a culture issue and is hard work, that's sums it well. As someone who works on protecting, you need to make sure everything is safe, while attackers must find one meaningful vulnerability, is tiresome.

Thanks for sharing

thank you so much for being real

Cybersecurity is what you make of it, I love it.

Cybersecurity…where you will be told by an auditor with no experience in Cybersecurity or IT everything you’ve done wrong , and management believes them.

I’m been a controller/finance and want to switch over to cyber security. I’m 56 years old. I know anything is possible but interested in your thoughts.

The hype part is the “Hacking”. people have to realize it’s a ton of research & digital forensics behind cybersecurity including risk mitigation/incident response & SIEM monitoring . I love the blue team aspect but the engineering side is where I live & breathe.

Great video 👍

I been using Ghostery for years now. I have not dug to far into it, in fact it is pretty easy just to set it up and forget about it, but it seems to work good actually.

HI, I am currently a graduate of Msc Cyber security and digital forensics and I had a career transition from science to IT ( my previous course was Forensic Science). I don't have any experiences in my field. Could you please tell me some certifications that would help me to land a job?

Thank you brother.

I absolutely love this video and the honesty. Great work and keep it up : 💖

I agree with everything in this video! People these days look like something but they lack substance, smh.

...this is good content...I work for a DoD agency as a project engineer....each major section of the organization has adopted a cyber group...you're right...it's a lot of hype...talk, talk, talk...sometimes I feel like I'm listening to Alan Greenspan..."I know you think you understand what you thought I said..." Policy-driven...inserting requirements into every project...the main thing I hear is "who is the owner"...basically, it's driven around obtaining mutual consent that when something breaks, who's to blame, and who's going to pay for it...Thanks Much...;-)

I am intererested in getting into Cybersecurity. But feel I need more info regarding this potential career. One thing I learned is that, there are no easy jobs in this world. Even sales related work is highly stressful dealing with people everyday. Probably will need to really enjoy the work to thrive.

I've been a software engineer for 12 years now, cutting code from the front-end all the way through to server and DB and understanding everything in between. I considered moving into security but after doing some research into this switch, I realised that being a developer allows me to be my own 'artist' - im as limited as my imagination and can start up my own gig. Being a security analyst or a related role, require you to be employed mostly and you're limited by the set of tools you use. It just doesn't feel as unlimited as being a dev does. Also - im from the UK and earning potential is around £50-100k for most senior dev jobs.

How to get a job in cyber security in the US: 1) Have a basic understanding of network administration. 2) Have a family that passes the NSA profile check three generations deep.

Is cybersecurity good to learn to protect a personal business website?

I mean you say this but my first job was web vulnerability assessment where I was effectively literally hacking all day. Currently I'm a red teamer and do the whole shebang - penetration tests, physical security, social engineering. It is effectively hacking all day except for of course report writing etc which can't be helped. So yes not all of cyber security is about offensive side and hacking, but the way you present it makes it sound like that's not a thing that happens - indeed you put in your title "it's not reality as a career". For me it absolutely is reality, I do spend most of the day sending malware, searching for and exploiting vulnerabilities and misconfiguration s, poking round file systems etc. It absolutely can be reality as a career provided you go down the right path. If you pick SOC or security engineer etc then yeah that won't be happening but do an offensive type job and it will

Great video, Grant! I was part of the hype, in a way, but I kind of knew we weren't going to be wearing masks, dressed in black, etc.. to this day it is funny to see adverts to cybersec courses or hacking courses with the typical guy dressed in a black hoodie, typing those enigmatics green letters into a black screen, being all mysterious. haha anyway, your video is pretty necessary still.

I have been waiting on someone to call those turds out for A WHILE 🪬🤔💯 NICE Grant 🚫🧢

Thanks so much, this is a really helpful video! I am considering machine learning/AI now as I was stuck between cybersecurity and that

There is a lot of BS in CyberSec field because every non-technical recruiter/HR person is recruiting for Cybersecurity. People working in cybersec industry hv varied backgrounds. Some were network engineers 2-3 yrs ago so they donot have a complete overview of different areas of security, some non-technical ppl directly entered in Cybersecurity by doing CISSP which gave them an overall idea of security topics but technically they dont hv the required expertise and are technically weak, some hv software engineering background and trying to enter security but hv no idea about hardware side of Cybersecurity. The Certifications introduced within last 2-3 years are so many that everyone is confused as which one to choose and which path to follow. This is the challenge. There is so much confusion in Job descriptions. HR is looking for a superman who knows everything and is expert in all kind of newly emerged technologies/platforms. This confusion will stay here in future aswell because more and more technologies and devices are coming in the market at such a fast speed.

Great content What online resources would you recommend for getting started as a SOC analyst. I heard cybrary is good

Cybersecurity Engineer work or the DoD type Information Systems Security Officer is mostly administration. It is NOT what I had pictured. I wanna just go back to networking now.

do you know of any resources that teach practical cybersecurity, instead of teaching "flashy" cybersecurity

im taking the cisco networking academy cybersecurity career pathway im hoping i get something out of this i have no idea where to start learning so i can tap into the industry

depends on what your specific job is

Great video, agree with most of it except how you pronounced ippsec :)

this is why i am not interested in the "hacking side"/pentest roles like over burnout/stress , no flexibility , can be boring , always being paranoid staying 24/7 on the latest cyber news even on off days not if this just for hacking or its just cyber sec as a whole and all the other things/subfields ???? .This is why i am switching to or want to do cloud sec engineering or software engineering seems less stressful

if cybersecurity is about experience and hands on then it's cheaper to recruit ex hackers from prison than from university.

I have two questions on the subject: 1- In 10 years, can AIs replace or take over many vacancies in cybersecurity? 2- Do you think doing comptia+, NDE, DFE, cloud+ would already be enough certifications to enter the market as a junior? what salary to expect?

sir, when you read this comment, I totally agree with your view of how cybersecurity is so totally overhyped. Report writing, working with people, knowing the fundamentals sir. You nailed it. See through the hype sir. Good job

Interesting video. It’s obvious to me the cyber is rarely ever pentesting. I would imagine though, that alot of people do watch mr robot and think that’s how the industry is lol

Please anybody tell me what is the starting point of this field?if someone is not in IT field previously..

This doesn't apply to just cyber security but programming in all industry. You won't be writing or creating complicated and elaborate apps or programs that will change the world. As a java developer that was working in an ETL team for citi Bank, my first job was to write a couple of loggers or add a couple of fields in

blue teaming gets plenty of traction but also is more about the business and best practice side of things which generally inst as interesting. Some of the sources you put out who talk about red teaming also talk blue teaming. The thing is what you say is the number one issue we have: The focus on trying to make the money without even having the general interest.

I think a lot of what people think Cybersecurity is, boils down to marketing.

i just got my major in Cyber Security omg

hi do you have linkedn? can i connect with you so I can ask more questions? a lot of people doesnt try to ask my questions about this field but I really am interested in it. although i feel like i am not doing enough and the bootcamp i went through is not enough to get a job in the field.

I think especially if you don't have a security clearance.

what about pentesting

Adam Jensen... 'Deus Ex Guy' is the job we are looking for

I know this isnt everything in a job... buuuut pay is not to bad especially out of college

Good points, decided to create my channel after I saw some crap youtube influencers who clearly have less than 18 months selling bs courses and spewing crap.

It’s very boring sifting through tons of logs