Print This Post Print This Post

6 Reasons Why You Should NOT Work With Information Security

This article does not mean to be demeaning to the career I chose to follow, but rather a humorous rundown of facts about being a security professional that cannot be ignored, and are shared amongst several of us. Do not let the items below discourage you, but rather be aware that they are an intrinsic as part of the journey! :)

6 – Working long hours, forever

Please raise your hands those of you who go home 100% sure that no one will be able to break onto the network/security domain you manage. If you are one of those, either you are just starting in the career and was not around during the good old Sasser’s days, or you just disconnected the computer from the power plug. Things break. Things break even when we don’t touch them. That’s a natural fact of life. Now imagine someone/something  having the whole eternity to saw off the bar cells. One day they will succeed, and that’s pretty much the life of a security professional. You have limited amount of time/budget to fix things, and people out there have all the time (and some times resources too) to break it… it is an unfair competition… And that’s just the beginning.

As a friend of mine says, after some time you get used to sleeping with an eye opened… But it is fun!


 

 5 – People only remember of you when things go wrong

I am still trying to recall the last time my boss came to me out of the blue and said: Adriano, congratulations for how secure our network is. I’m giving you a nice bonus for that! Actually, I think it never happened.

Whilst I see the marketing department or Jack from the sales department getting promoted and acclaimed for their feats (free trips to Hawaii all included, etc.), I strive to do an excellent job but very few ever gave me a humble thanks. I believe my Networks friends are on the same boat, right? You have to realise that you are, and will always be a cost center when compared to the bon vivants on sales. Sorry, it’s never going to change (you can learn some vital lessons to survive here).

Now, imagine that after all the work and effort you put to patch and remediate the vulnerabilities of your network, an evil spirited kid in Russia discovers a zero day patch that can disrupt your network (and millions others). Guess what’s going to happen! I remember once (a couple of years ago) when our network got infected with some nasty bug, I had at a time my boss (the manager), the CISO and  the CIO literally breathing on my neck, sitting behind me and watching while I cleaned up our Exchange server. Every 2 minutes one of them asked: -How is it going, how long is it going to take?

It was a nerve wrecking experience, but I survived! Has it happened to you before?
[adsense]

4 – Study, study and more study

It is sad. Again, whilst Jack is entertaining the customers at the best restaurant in town, we poor security professionals are stuck at the bus, going home and reading about how to “harden Apache 2.X.X”.  Or better, he might be taking a high profile customer to a golf relaxation session whilst we try to clean up their malware infected desktops or decide what Information Security certification to get next. I believe our day will come some day…

Pages: 1 2

23 comments to 6 Reasons Why You Should NOT Work With Information Security

  • Muneer Raza

    Wonderful sense of humor.

  • Pekae

    Only just caught up with this – great, humorous article Adriano. Having been in IT 35 years and InfoSec for 15 of them, it really rings true (with a grain of tongue-in-cheek).

    All I can say to Cellus is, if he rarely works more than 40hrs a week, then he’s not living in the real world (or making an effort!), which sums up his whole reply.

  • Nazim

    Haha!! I loved point numero uno mate!!!! Cheers!! :-)

  • Jason

    Great article Adriano!!! You summed up the life of an IT professional perfectly!!!

  • Chris G

    I remember sitting in my daughter’s Kindergarten class once while listening to another girl’s parents describe their chosen careers. Dad was an airline pilot for Air Canada and Mom worked for Apple in their marketing department. The kids around the class were mesmerized listening about their jobs. The coolness factor was off the scale for these parent’s daughter.

    Then then turned it over to me – the IT Security guy. Zero interest. Nil. Nada. Nothing. For a 5 year old, there’s no way to make IT security even slightly interesting.

    That’s when I knew what I did was boring and I should probably quit and become an airline pilot. :)

    BTW – why don’t you DELETE comments from folks like Cellus above? This site isn’t run/monitored by the government. You can do whatever you want with it. Drowning out idiots is your prerogative.

    • Hi Chris,
      Thank you so much for your comment!
      I seriously though about deleting Cellus post, not because he doesn’t agree with me, but because he lacked respect. But I believe everyone should be heard, even the haters, it’s just about giving them ears or not.
      Since I’m a positive person, I ‘m going to leave it there for people to see! :)

      Cheers,

      Adriano

  • John

    Excellent article..!!!! It is the real life and to survive it is needed real passion for security.

  • Ian

    Reasons you should not get into security as a vocation…well security has made a fashion out of poor management decisions for more than 10 years now. This leads to a lot of boredom, frustration, and losing the will to live for many in infosec. I sympathise and empathise. If you want to enter a profession where you won’t fit in unless you offer ZERO (0) value…get into security. If you never answer email or contribute anything useful in meetings, your ideal career is security. There is nothing personal in this…it’s just the way the world is. Like I said I sympathise. Security as a professional career choice is discussed in Chapter 6 of my book “Security De-engineering” released December 2011, Taylor Francis/CRC Press

  • Are you serious???

    YOU HAVE GOT TO BE KIDDING ME!!!!! This is so much bull$hit.

    #6. Work hours, what job do you know that pays as good as an IT professional that doesn’t work long hours. For the record, I have been in IT for 9 years and have done it all from Help Desk to Pen Testing and I rarely work over 40 hours a week!

    #5. You must not be any good at your job! I have tons of people that call my work center looking for ME and do not want to deal with anyone other than me because they know what they need will be taken care of! This and this alone makes me think you have no idea what you’re talking about!

    #4. Okay, IT is ever changing and yes you have to study, BUT why is this a bad thing? I can’t believe that you would actually concider selfimprovement a bad thing!

    #3. LIMITED GROWTH!?!?! Do you realize that in big companies that there is an IT guy on the board of directors? Again, you’re an idiot!

    #2. A SAD attempt at a bad situation! First, ANY IT professional knows NEVER let ANYONE hook up a personal laptop/device to your LAN. Second, there is room for mistakes, on a non production LAN where you should be learning in the first place!

    #1. I can do all of that, but my friends don’t have to know it. If you brag about you can do this and you can do that, don’t you expect this type of thing? If you’re a tax layer, don’t you think your friends will come to you and ask you advise about their taxes?

    In closing, I can’t believe I actually read such an off base article that sad to say some people will take as the truth. I can tell your level is the bottom of the barrel and this is another reason why not just any idiot should be able to post on the internet!

    -Cellus

  • Miguel

    Excellent and funny article!
    The word “motivation” was used so many times I did remember the equation E=mc2
    Translate it to “effort=motivation x compensation[square]“. If some companies ever understand that the world will be a better place for hard working people like us ;-)

  • Michael Mars

    What? Are you new to IT? I can’t recall any IT job that I have had that wasn’t like this.

  • AtlKing

    Adriano—

    Nice article to read; however, i think if someone has passion, motivation, ability to constantly learn new things, patience and persistence he/she will succeed in the security field; also i agree with Herman above that security profs should have fun while it last, i know that from my end there are some top notch cool projects i was involved in that changed my initial perception about how static security field can be; for example if you get involved with technologies such as VOIP or Video you’ll see security from very different fun angle.

  • Tiger_Auditor

    Yes i agree with most of the points mentioned here. It is usual one who working in infosec. But one advantage is we can expect more salary. and should update our competency everyday. This will be very helpful for the Information security Auditor to update the latest technology.

  • Unemployed

    Needless to say, any job or a position can be hectic at a time  As been mentioned earlier; “Motivation” is the key element to successfully perform, not only in this area of expertise but also in any profession. Before the motivation we first got to have passion specially in this field, we have to have the love of doing what we’ve been trained to do. I’ve more than a decade experience in IT & currently unemployed!
    InfoSec, is where we ought to be current with technology, regulations and standards. Constantly learning the cutting edge technology is gratifying. In this industry we’re able to help organizations to stay on top of their games. Finally, this profession will allow us to help a kid from being bullied in cyber space….(isn’t that pleasing??!!)
    And all of the above is the motivation behind the fact that I’m still in school, teaching and learning at the same time. Personally, the thrill working in InfoSec industry some-day is a great deal satisfaction for me!

     

  • Tuwi D

    Facebook’s accounts too, exes fb accounts are by default requested. Without mentioning the part when they assume you have to know about telephones/satellite decoders/dvds/*anything with electricity on*

    i’m really getting tired of this.

  • You better start to have some fun in your job. Your attackers do :). My career started as a trainer in security products, then an information security consultant, then application security consultant and now I am my own boss and having fun. Do not limit yourself to one company…

  • bit

    information needs security,whether we like it or not.
    and besides working in an information security has a highest paid ;)

  • Prakash

    All this comes down to one thing as I keep telling everyone in Info Sec field, “MOTIVATION”.
    It is lacking at all levels as the above are true for even development and business groups. No reward for developing and implementing secure solutions. (don’t take it word by word). So, best way is to get compensated well as many companies do pay well for Info Sec Profs.

  • Buonsanti

    Very nice. Just be careful not letting your C-level and sales executives read this. LOL.

  • Ayunardi

    Quoting Camargoneves : “And there is one more, the only guys that will be more hated than you are the auditors. So you can at least have some folks to lunch with. ”

    Imagine there someone sit far away in the corner for lunch, it’s an Information Security Auditor. Ha… Ha… Ha…

  • camargoneves

    Funny. And there is one more, the only guys that will be more hated than you are the auditors. So you can at least have some folks to lunch with. :)

  • [...] Today, several folks have tweeted & retweeted about an article written by "Adriano" at MyInfoSecJob.com. The original article may be read here: http://www.myinfosecjob.com/2011/08/6-reasons-why-you-should-not-work-with-information-security/ [...]

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>