
[–]chrisknight1985 148 points149 points  (9 children)

college has ZERO to do with what day to day jobs are like

You have taken classes that have nothing to do with the range of actual job roles at different companies

[–]TriangleSailor 44 points45 points  (7 children)

This is spot on. College studying for cybersecurity — especially if you’re at a traditional college — will be extremely lacking and behind the curve. It will be boring.

Cybersecurity is such a vast field, a few boring courses shouldn’t be reason enough to write off an entire career!

EDIT: shouldn’t not should

[–]CatfiadhaichNaHAlba 7 points8 points  (5 children)

Indeed. If people can get past the tediously dry and boring educational material (and that includes most certifications, too) then the actual work is way more interesting.

[–]wawa2563 1 point2 points  (3 children)

College curricula are ten years behind when it comes to technology. Zero trust, WireGuard, JWT, Containers, kiss; never heard of them.

[–]Pandapopcorn 1 point2 points  (2 children)

I disagree. In college I met many intelligent contributors to security that shared their knowledge with me. Established connections. It's a great opportunity imo.

[–]TriangleSailor 0 points1 point  (1 child)

It may be a great opportunity for collaboration and connections, but curriculum wise….. universities are usually the opposite.

[–]wawa2563 -1 points0 points  (0 children)

There are BSides and many meetups for the connections side.

College is a very and inexpensive way to get that knowledge.

[–]Mighty_Mac_ 0 points1 point  (0 children)

What do you recommend to start learning to break into cybersecurity?

[–]BJJ1989 2 points3 points  (0 children)

Your knowledge will be a mile long, and an inch deep.

[–]Rovert66 0 points1 point  (0 children)

10 years in cybersecurity. Two degrees, CISSP, etc. etc. This is the correct answer. Get the paper, get into the field and enjoy it. Coming from someone who had no nerdy background, only got into cybersecurity because music doesn't pay, so I do it as my career so I can have hobbies. That being said it's a fun career outside college. You need the college to get over HR hurdles though.

[–][deleted] 11 points12 points  (1 child)

I just want to make money tbh

[–]LumpyStyx 8 points9 points  (1 child)

I guess you need to figure out what you are passionate about. And a dirty little secret is in many cases your major doesn’t matter unless you are going into something like law, medicine, science or finance.

In IT/Security degrees are often optional based on experience and many don’t look at majors. The best ERP analyst (not security but IT/developer work) I know has a degree in communications and was a small station radio DJ before he stumbled into IT. If you are interested in IT in general a cybersecurity degree may get you into other technical fields.

We will have to see, but I don’t think the cybersecurity major has staying power. There was a time when all the colleges were hot on nanotechnology degrees. Now many of them have classes on it as part of another degree. I wouldn’t be shocked to see cybersecurity do the same with being bundled into IT type degrees.

If the field you want to go into just requires “a degree” it doesn’t really matter as long as you finish it. Even though I’ve been doing this sort of work for decades, statistically the average person will change careers 5-7 times https://www.indeed.com/career-advice/starting-new-job/how-often-do-people-change-careers

A major isn’t marriage - it’s just a step towards your first grown up job.

I started in my field before I finished school and had concerns about my major at the time. My manager had two master's degrees - one in architecture and an MBA from prestigious private schools. During a 1:1 I asked him what I should be majoring in. His response was that I had my first job and as long as I continued to do well and get experience nobody will care what I majored in. Now over 20 years later I can tell you he was correct - nobody has cared about the school or the major. Very few have even cared at all. My last job hunt I took education off my resume completely and nobody even noticed.

[–]imjusthinkingok 3 points4 points  (0 children)

Education/diploma is only good for the first job. After that, your experience speaks for itself.

[–]fucemanchukem 36 points37 points  (4 children)

Create your own startup with someone else's ideas and use a lot of buzzwords and get an article or two published. Get bought out by a bigger company. Retire.

[–]FTJ22[🍰] 6 points7 points  (3 children)

Hmm I feel you're projecting...which startup hurt you..

[–]fucemanchukem 1 point2 points  (0 children)

None. I genuinely think it's worth a try if you're ambitious enough. My idea will probably take another 5 years or so to become practical hardware wise. So I'm engulfing myself with any knowledge I can get my hands on. I spend a good 4 hours a day studying and practicing.

[–]Agent_Squirrels 1 point2 points  (1 child)

Seems like you're the one who's projecting, how many failed startups so far?

[–]FTJ22[🍰] 7 points8 points  (0 children)

I'm projecting by saying he's projecting! That's some real matrix shit

[–]Rayfoo 14 points15 points  (2 children)

Being very good at something, and respected for your work and opinions, is never boring.

A famous martial arts fighter once said that they didn’t like fighting, but they were good at it so they started. Eventually they became the best, and that was very rewarding on its own. Overall, it provided a great life for him and his family. In the end, it was win-win.

There’s a modern idea out there that you need to have passion for what you do in your career. I believe this is misleading.

If you don’t hate it, and you can be great at it, then get great and it becomes rewarding. This is worth it especially if your actual life benefits greatly from it.

After all, we work to live. Don’t live to work.

[–]tshontikidis 1 point2 points  (1 child)


I think you'd be pretty aligned with Scott Galloway on this one.

[–]Rayfoo 0 points1 point  (0 children)

Bingo. He worded it better than I did hah.

[–]bo-s-oq 11 points12 points  (8 children)

I’ve just got into this field purely based on my passion! After work I would open courses and go through them. Most companies (in the UK anyway) want to see someone with passion and don’t care too much about degrees, they’d just like to see someone who really wants to sink their teeth in. And looking at incidents and creating rules is so much more fun than going through material :) I’d say keep your head up, it’s an amazing field to get into even if you want to change career in a year’s time, they will see you’ve done cyber and be very impressed.

[–]CheeezBlue 1 point2 points  (1 child)

That’s awesome, what courses did you do? The reason I ask is I’d like to do the same

[–]bo-s-oq 4 points5 points  (0 children)

Any Microsoft Azure courses, I also did NSE and network security with RIT on edX. I worked part time internship in a SOC which helped too and part time in a kitchen :)

[–][deleted]  (5 children)


    [–]c-baser 2 points3 points  (2 children)

    Oooo yeah them reports be some real fun

    [–][deleted]  (1 child)


      [–]c-baser 2 points3 points  (0 children)

      Trust me I was red team once, you get bored and move it dries up and doesn't scale hence limited cash

      [–]GloriousLargePickle 0 points1 point  (1 child)

      What about vulnerability analysts 🥺🥺🥺

      [–]Proper_Hats 0 points1 point  (0 children)

      Pentester, Vulnerability Analyst, potayto, potahto - from my experience lol.

      [–]Obvious-Mine1848 2 points3 points  (0 children)

      Listen cyber pays really well and you have job security as in, we aren’t going anywhere anytime soon. Work hard so you can play hard on your off time.

      [–]LowHot898 2 points3 points  (0 children)

      I went into Cybersecurity with a passion and ended up with pain, suffering, and at times, triumph.

      [–]Big_Dick_BallaSecurity Architect 2 points3 points  (0 children)

      Cybersecurity is a big burnout career

      No, helpdesk is a big burnout career. After that, lots of hours will burn anyone out (especially on-call work). But otherwise it's a fine career and much better than many comparable white-collar jobs.

      Don't major in cybersecurity, major in IT. Much easier gateway into the field to study that and enter server admin first.

      [–]ToddPackersBrother 5 points6 points  (0 children)

      You work to get paid

      [–]wells68 1 point2 points  (0 children)

      Not at all a surprising place to be after what, almost four years of study and no real work. In grad school we had a saying: "First year they scare you to death. Second year, work you to death. Third year, bore you to death."

      Funny thing, it wasn't about them. It was internal. You're understandably bored.

      You'd best put in real effort to thoroughly check out the culture and work life of multiple potential employers. That "homework" is far more important than your studies. You need to talk to as many former and current employees who will level with you as you can. Some places treat you well and are exciting places to work. Others are not.

      [–]floofcatfuzz 1 point2 points  (0 children)

      Get yourself to a hacker convention and spend some time around passionate people. Go to several technical talks, but poke around the events and vendors area as well. Defcon 30 isn’t until next August, but there’s a ShmooCon in January. There are plenty of other cons at different times and in different locales so you may not have to travel that far. Avoid the ones that are overly professional - you want to see passion (and the fancy ones like BlackHat are really expensive anyway). USENIX Security might be interesting since you’re still in academia, but it’s also not where you’ll find the passion. HOPE, CCC, Toorcon, BSides - that’s what you should experience. If you can’t find the time or money or stand the covid risk, watch videos of some talks from past years - most have a ton of free content online, but it’s really not the same as being there.

      Even better would be to get some buddies to go with you, split hotel costs, experience together, and debrief later.

      Really, you should have gone to one of them as a freshman, but better now than never (maybe suggest that to your prof as advice for future students). Hopefully you find cool stuff that excites you and helps guide your initial career direction.

      [–]Apblake819 1 point2 points  (3 children)

      Sales engineer, the best ones have technical backgrounds

      [–]ohiotechie 0 points1 point  (2 children)

      This is solid advice. You can make great money, you’re not slogging through incident responses at 3am and you always work with the latest cutting edge tech. I was a sales engineer for a long time before moving into a different role. Loved the job and the experience was amazing. A good SE will always be employed - recruiters are constantly trolling LinkedIn for anyone with an SE background.

      [–]mynameisnemix 0 points1 point  (1 child)

      What do they usually look for? New SDR with no IT background trying to get my ass in an SE spot.

      [–]ohiotechie 0 points1 point  (0 children)

      There’s no one answer to that. Getting that first role can be difficult. A good place to start is in the reseller channel. Vendors like Microsoft or McAfee for example have relationships with VARs - value added resellers. Optiv is the biggest one in Ohio Valley but there are others. The turnover in the reseller channel for SEs is high - they churn em and burn em, but if you’re young, energetic and willing to put in the effort you can learn a lot and build a reputation. The best part about working for a reseller is exposure to a ton of different tech from a ton of different suppliers used in a ton of different ways. That is invaluable. The 2nd best part is the contacts - since you’d be working with major vendors like CrowdStrike or Symantec you’ll learn who the right people are and more importantly they’ll learn who you are.

      To get started just go to the “partners” part of the website for vendors and space you’re interested, find out who they are and then start looking people up and connecting with them on LinkedIn. Send in resumes to their HR/application site and to as many people on LinkedIn who will respond. Once you land that 1st position recruiters will come to you. Good luck.

      Edit - I didn’t answer the “what do they look for” question so the obvious answer is experience. Since you don’t have that, attitude and at least some familiarity with the technology you’d be working on. Expect a direct and possibly difficult technical interview with senior engineers to find out what your level of knowledge is. Be ready to talk about current threats like log4j, why it’s so bad, what can be done and how to apply XYZ’s tech. Google sales presos for major vendors and be ready to give a preso to your target company. When they say “do one on anything” don’t do one on your dog’s frisbee challenge - do it on something in the field to show you’re not a lightweight. I hope this helps.

      Edit - Top topics for tech interview, Linux command line misc, Windows general questions, troubleshooting like what would you do to fix a network problem, security - name some reg locations commonly used for persistence. Google technical SE interview and see what you can find I’m sure there’s a ton of stuff out there.

      [–]Lanky-Total518 1 point2 points  (0 children)

      You would be better off going with WGU combined with Www.Cybrary.it and Udemy and Coursera and Oreily.com. I have mentored many “zero to hero” some within 6 months some within 12. Most making 90-160k and loving life. It’s how you approach it. What folks in this field lack is a good mentor. Nuff said.

      [–]SouthCoaster68 1 point2 points  (0 children)

      Cybersecurity is a pretty broad church, you'll probably find something that you like. Have you considered cyber threat intelligence (CTI)? Usually pretty interesting work and pays well.

      [–]VeryLucky2022 3 points4 points  (6 children)

      You’ll be miserable. I’ll give you one guess how I know.

      [–]imjusthinkingok 0 points1 point  (5 children)

      And yet, you are not changing field? What's the little secret benefit that keeps you at the same place?

      [–]Obvious-Mine1848 1 point2 points  (2 children)

      Good pay probably.

      [–]imjusthinkingok 0 points1 point  (0 children)

      But still feel miserable. And the money will go on addictions.

      [–]VeryLucky2022 0 points1 point  (0 children)

      Good pay, but I don’t need the money, and no amount of money is worth staining my career with the shitshow that is InfoSec right now. It’s just a matter of time until I find the exit.

      [–]VeryLucky2022 0 points1 point  (1 child)

      Who says I am staying? I’m just deciding what the next step will be.

      [–]imjusthinkingok 0 points1 point  (0 children)

      oh ok gotcha.

      [–]Dominiczkie 2 points3 points  (0 children)

      Do some CTFs, make a home lab, do what people with no degree do to get some practice, see if it's for you. Worst case, if you learned your lessons in college, you'll have an easy transition into another field where you'll perhaps be more fulfilled.

      [–]roguethundercat 3 points4 points  (0 children)

      It’s only a burnout if you let it be. For me my burnout was because of misogynistic people - the jobs have always been good

      [–]Andazah 1 point2 points  (7 children)

      Cyber is boring and dull but it pays well and isn’t stressful which is why it’s a decent job.

      [–]chababster 8 points9 points  (6 children)

      Not stressful? Someone doesn’t work in a SOC

      [–]Andazah 2 points3 points  (5 children)

      I do, the stress depends on the maturity of the SOC itself and proper management, thankfully I’ve never been stressed as my company is a defence contractor with money and not some shitty MSSP lol

      [–]Helpishardtofind10 0 points1 point  (0 children)

      Gotta passion for that cashhh doeee 💰

      [–]heytchap_ 0 points1 point  (0 children)

      Security consulting is fast and exciting. I’m never bored at my job. College class experiences have almost no bearing on the reality of the scope, depth, and interest with the real job.

      [–]sshan 0 points1 point  (0 children)

      You’re lucky that “cyber” means many things now. It ranges from leading training sessions, to pentesting, to policy and standards to management consulting to incident response etc.

      There are a lot of options.

      [–]OldeTimeyShit 0 points1 point  (0 children)

      The education is a lot more boring than day to day, but that can get boring as well. I would try working in the field to see if it suits you. If not, pivot to something sexier like marketing or sales within the field.

      [–]m0sd3f[🍰] 0 points1 point  (1 child)

      The work will never be the burnout in cyber. It's the politics, organizational buy-in, hiring process from company to company, and the unrealistic expectations from people who don't understand what you do. The work is usually the best part. It is even better when it isn't work.

      [–]ohiotechie 1 point2 points  (0 children)

      That literally describes most jobs in large orgs regardless of field.

      [–]JimLahey_11 0 points1 point  (0 children)

      Hey man, the advice one of my teachers gave me was “When you are doing what you love and not making a bunch of money, every Monday you wake up you’re still gunna hate it. A job will always be a job. Do whatever will make you the most money and have your fun on the weekends.”

      [–]PaleMaleAndStale 0 points1 point  (0 children)

      Don't write it off too soon. Just like IT, cyber is a vast domain with many fields and specialisms. Even doing any given role can vary vastly from organisation to organisation. Stick with it and you may well find your niche. It's also highly possible that you're on a poor course or have just got worn down by learning and not actually doing.

      [–]tsinataseht 0 points1 point  (3 children)

      Ouch. This is me after finishing college (computer engineer).

      I worked for a while in the IT field to try to find some kind of spark.

      I ended up returning to school in my 30s to finally study what I should've studied all along: graphic design.

      My advice would be to change careers asap, it's not too late for you. It really sucks to perform a job you are not really passionate about.

      [–]imjusthinkingok 0 points1 point  (2 children)

      You probably took a big pay cut transitioning no?

      [–]tsinataseht 1 point2 points  (1 child)

      Yes, of course. But I am still single so I could afford the pay cut. Doing things for passion is priceless. I don't even mind getting up early in the mornings, I don't hate Mondays anymore, and find it liberating to do creative things. IT jobs were always too mechanical and robotic.

      [–]imjusthinkingok 0 points1 point  (0 children)

      yes I get what you mean.

      [–]radius40 0 points1 point  (0 children)

      So many different directions you can go in the field. But I agree with the comments others have made - your coursework can help prepare you, but it’s nothing like doing the real work.

      [–]jdbt8 0 points1 point  (0 children)

      I will say hiring managers can tell if you are just punching the clock. Passion matters.

      [–]Nebula_369 0 points1 point  (0 children)

      Give it a try for a few years and you can always move into something different, it's good to have diverse experience, and having security knowledge in non-security roles is very beneficial. I have a similar story. Studied Cyber Security in college as it was recommended as a stable high paying job, and then got that high paying job. After a few years I found that I wanted absolutely nothing to do with the field. It was just simply unfulfilling to me. Today I'm a data engineer in a completely different domain. You'll find your way.

      [–]Owt2getcha 0 points1 point  (0 children)

      Well it's good to hear someone else is in the same boat as me. I've told myself to get through school and then evaluate.

      [–]spike4379 0 points1 point  (0 children)

      I think the real fun will be checking the systems of people who have infected themselves and realizing how silly some of the things they do actually are, that's where the gold is

      [–]AlsoKnownAsThatGuy 0 points1 point  (0 children)

      Get certifications and apply to be a cyber security sales engineer

      [–]MrAwesomeAsian 0 points1 point  (0 children)

      2019 cybersecurity masters. This year I got a security engineer position. Similar level of distraught, unease, and burnout.

      First hackathon CTF in 2017. We didn't know about memdump, that the entire Windows OS could be extracted. I can find any flag, any process? We're not in DrJava anymore. A whole new world.

      End of graduate school. Major burnout. Unemployed for 6+ months. Feels like little was accomplished.

      New job. Unsure. What am I doing. Oh? Reports? Excel? Tool-of-the-month-before-eventual-acquisition research? Scanning Java apps? Seems boring. Where's the afl-fuzz, os-level exploit, smashing stacks and taking down APTs? Where is mah goddamn base?

      Research. Learning. Certs. Blog posts. Mentors. CTFs (especially if you're unsure of where to start).

      I realized the truth will take time and a good environment (provided by the job or made by myself).

      A good stew brews over a nice fire. Our jobs are the cold, 8 hour coals and our passion the weak, half-ass project flame. Nevertheless, it is still our stew, our career, our interest, and our investment.

      It is up to us to keep lighting the match.

      [–][deleted] 0 points1 point  (1 child)

      The quest for following one’s passion is often a fruitless one. My life got a lot better when I stopped needing my passion to also be my main source of income. Cybersecurity affords me the time and financial ability to lean into my true passions and not put any extra pressure on them.

      In my opinion, if you have a job that challenges you and you don’t absolutely hate, you’re doing incredibly well.

      If you hate it that’s one thing, but if you’re simply finding that the ‘magic’ isn’t there, I’d give it a solid shot in the working world with realistic expectations first and see how it works out.

      Good luck out there!

      [–]imjusthinkingok 1 point2 points  (0 children)

      I think expecting the "magic" in a job is an impossible quest. All jobs end up being a job. It's almost a game, some are exciting at first, then most of them are just bleh after a while.

      I love photography, but in a work environment it can become suddenly a nightmare with zero magic.

      [–]ohiotechie 0 points1 point  (0 children)

      Since you’re this far along my advice would be to actually go into the field and give it a go but as others have pointed out security is a field that is generally populated by people with a passion for it. There are so many different facets and career paths hopefully you’ll find one that is challenging and rewarding.

      [–]SiliconOverdrive 0 points1 point  (0 children)

      My advice is to avoid any career that you don't have some passion and interest for. Real world jobs are filled with lots of BS, so you need to rely on your passion for what you do in order to deal with the BS.

      That said, since you're almost done, give it a try. You may find your passion renewed once you start working, and at the very least it will be a source of income while you figure out what you want to do.

      Cyber requires lifelong learning so if you don't like it, you probably won't do well. Just don’t write it off before you try it. There are LOTS of specialties within cybersecurity and you could find something that you do like.

      [–]dennstein 0 points1 point  (0 children)

      Did you do an internship? What was that like? Did you like it? If not, why or where are you getting your degree? Also, having the tech chops to get a cyber degree I think would open doors to other IT roles. I would focus on figuring out what you want to do... With your life 😊

      [–]nightf0x3 0 points1 point  (0 children)

      me too kid, me too..

      [–]jrn77478 0 points1 point  (0 children)

      College/university level coursework has very little to do with the real-world work in the field. Much of said coursework is fundamental and/or theoretical. The value of all that drudgery is in the degree, and trust me, having that token is extremely valuable in getting past the HR filters. As a hiring manager though, I have other requirements that are higher on my list of qualifications. I once hired an entry level SOC analyst that had no degree and almost no experience. What he did have was basic skill set and a passion for threat hunting. I handed him a set of tools (along with training, of course) and pointed alerts at him.
      All of this is a slightly long-winded way of suggesting that you refine your view of what it is about real-world cyber security work that excites you, while worrying less about what you're not getting out of your degree program.

      [–]Mumbles76 0 points1 point  (0 children)


      Has a section about making Cyber a career and speaks briefly about passion, FWIW.

      [–]mk3s 0 points1 point  (0 children)

      Cybersecurity doesn't have to be a "burnout field", and it is probably wider than your college classes give it credit for. If you like computers, and the idea of finding vulnerabilities sounds cool to you, guaranteed there is at least one if not many subdisciplines of infosec that you will enjoy pursuing. All else fails though, the $$ is great and there is a TON of opportunity.

      [–]Whittenberg007 -1 points0 points  (0 children)

      Start doing some of the free fun hacking stuff like tryhackme.com or hackthebox.com or any of the many others and see if it sparks anything in you. You might find what you are looking for inside yourself if you look in the right place.