This article is not meant to be demeaning to the career I chose to follow, but rather a humorous rundown of facts about being a security professional that cannot be ignored and are shared among several of us. Do not let the items below discourage you, but rather be aware that they are an intrinsic part of the journey!
6 – Working long hours, forever
Please raise your hands, those of you who go home 100% sure that no one will be able to break into the network/security domain you manage. If you are one of those, either you are just starting in the career and were not around during the good old Sasser days, or you just disconnected the computer from the power plug. Things break. Things break even when we don't touch them. That's a natural fact of life. Now imagine someone/something having the whole of eternity to saw off the cell bars. One day they will succeed, and that's pretty much the life of a security professional. You have a limited amount of time/budget to fix things, and people out there have all the time (and sometimes resources too) to break it… it is an unfair competition… And that's just the beginning.
As a friend of mine says, after some time you get used to sleeping with one eye open… But it is fun!
5 – People only remember you when things go wrong
I am still trying to recall the last time my boss came to me out of the blue and said: "Adriano, congratulations on how secure our network is. I'm giving you a nice bonus for that!" Actually, I think it never happened.
Whilst I see the marketing department or Jack from the sales department getting promoted and acclaimed for their feats (free trips to Hawaii all included, etc.), I strive to do an excellent job but very few have ever given me a humble thanks. I believe my Networks friends are in the same boat, right? You have to realise that you are, and will always be, a cost center when compared to the bon vivants in sales. Sorry, it's never going to change (you can learn some vital lessons to survive here).
Now, imagine that after all the work and effort you put into patching and remediating the vulnerabilities of your network, an evil-spirited kid in Russia discovers a zero-day that can disrupt your network (and millions of others). Guess what's going to happen! I remember once (a couple of years ago) when our network got infected with some nasty bug, I had at one time my boss (the manager), the CISO and the CIO literally breathing down my neck, sitting behind me and watching while I cleaned up our Exchange server. Every 2 minutes one of them asked: "How is it going? How long is it going to take?"
It was a nerve-wracking experience, but I survived! Has it happened to you before?
4 – Study, study and more study
It is sad. Again, whilst Jack is entertaining the customers at the best restaurant in town, we poor security professionals are stuck on the bus, going home and reading about how to "harden Apache 2.X.X". Or better, he might be taking a high-profile customer to a golf relaxation session whilst we try to clean up their malware-infected desktops or decide which Information Security certification to get next. I believe our day will come some day…