What Working in Cybersecurity is Really Like

<p>Are you like most students in college who had grand ideas about what your dream job would be?  Was it going to work in cybersecurity? I pictured myself at work in a really cool office with bean bag chairs and a ping-pong table. Tons of free snacks and drinks. Oh, there goes the CSO <strong><a href="http://www.segwayforsale.net/">whizzing by on a Segway</a></strong>. I could see it so clearly…</p><p>Fast forward to today where I actually work in cybersecurity. Yes, we have a ping pong table, and snacks are available hourly if I want... but a more secure world is what we're trying to create here at ThreatStream.</p><p>Here is what working in cybersecurity is really like.</p><p><strong>Life is Not a Movie</strong></p><p>You know when you watch a <strong><a href="http://www.tripwire.com/state-of-security/off-topic/forget-blackhat-the-best-hacking-movies-of-all-time/">movie and there is a hacking threat</a></strong>, they always show a group of (good looking) people gathering around a bank of large high-tech computer screens ready to thwart a breach. Seconds tick by, dramatic music plays, close up on someone whipping sweat from a handsome, determined face. A few more seconds tick by… The threat is neutralized! We did it! Everyone high-fives and hugs!</p><p>This actually <strong><a href="https://www.anomali.com/blog/5-little-known-effects-of-a-data-breach">never happens</a></strong>. I mean, never. When there is an incident, there is no glamour. Not only is there no dramatic lead up, there is also no dramatic climax. Threat detection and incident response is your job and you are expected to do it. And, let’s be honest, there are long stretches of waiting. But when an incident does occur, then we get to be the leading man or lady. We gather around our cubicle and get down to business. The threat is neutralized! You just prevented hackers from gathering sensitive financial data! Well, high-five yourself because no one else is really paying attention. Unless, you miss the threat intelligence and there is a security breach, then everyone is paying attention and knows it is your fault.</p><p><strong>Can Anyone Hear Me?</strong></p><p>This leads to the next point, trying to explain high-tech “things” to the average person. Your co-workers are smart, but they are not analysts. So, where then is an issue that must be explained it can feel a bit like you are ordering dinner in a foreign country. What we do is very detailed and extremely acronym heavy. To the average user or the CEO this is like an alphabet soup of letters that make no sense. When it boils down, they don’t want “geek speak.” They want straightforward answers to the questions like, “why isn’t this working?” and “can you fix it?”</p><p><strong>The Good News</strong></p><p>The good news is that if you love your job, the lack of excitement and glory doesn’t really matter. As <a href="https://www.anomali.com/blog/5-ways-analysts-can-be-the-needle-within-the-needles"><strong>analysts</strong></a>, we know our own worth. We know why we need threat intelligence and why encryption is important. We know that we could join the dark side, become a hacker, get lots of publicity, go to jail and become a high-paid consultant once we are back on the outside. (We might fantasize about it, but we don’t actually do it.) We know that our roles are critical and necessary to keep our company running smoothly, and that’s enough, most of the time.</p><p>I mean, free snacks and Ping Pong are nice perks, but a more secure world really makes you the hero.</p>