HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
You know, it is pretty damn sad that the younger generation isn't interested in cybersecurity jobs, especially considering it is one of the industries out there that is currently hiring. 
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Young People Aren't Interested In Cybersecurity Jobs
- Thread starter HardOCP News
- Start date
atp1916
[H]ard|DCoTM x1
- Joined
- Jun 18, 2004
- Messages
- 5,004
Perhaps its because when people think "cybersecurity" they automatically think public sector NSA type stuff that heads in the wrong direction.
I guess the case isn't being made strong enough for cybersecurity in the private sector, where the real gold is to be found.
I guess the case isn't being made strong enough for cybersecurity in the private sector, where the real gold is to be found.
leeleatherwood
[H]ard|Gawd
- Joined
- Sep 6, 2011
- Messages
- 1,582
I would work in Cyber Security, tracking down pedo's would be a pleasure.
ShadowVlican
Limp Gawd
- Joined
- Nov 12, 2006
- Messages
- 420
money. we young people follow it.
Yakk
Supreme [H]ardness
- Joined
- Nov 5, 2010
- Messages
- 5,810
Nobody wants/are able to do a job = salary goes up gradually until it becomes enticing enough for people to go for it.
But then too many go for it so companies can pick and choose at lower salaries.
It's a cycle.
But then too many go for it so companies can pick and choose at lower salaries.
It's a cycle.
rostabosta
n00b
- Joined
- Jul 11, 2007
- Messages
- 56
Um 24% seems pretty high to me
longblock454
2[H]4U
- Joined
- Nov 28, 2004
- Messages
- 2,736
Mmmm, specialize in Cyber security, get good job, make one small tiny mistake, 10M customer SSN#s get snatched = Instantly Fired, get blacklisted, children starve to death, wife sleeps with loser brother.
temujin987
[H]ard|Gawd
- Joined
- Jun 24, 2008
- Messages
- 1,351
so you could have a look at the evidence all day?
Sec+ and CEH aren't worth as much as you may think... I have both and a handful of others. CEH is a borderline joke in this industry. If you want to be certified in knowing how to run a few programs in Backtrack, then it would be worth it, but it's not a top level certification.
CISSP and some of the advanced SANS certifications, such as GXPN, is where you should be setting your sights if you want some good job offers.
roflmywaffle
Weaksauce
- Joined
- Jun 8, 2006
- Messages
- 74
I'm actually working on a degree towards this feild right now. Wish I started it earlier, though. Now I'm the crusty sergeant telling all his troops not to be like me and wait to get a degree.
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
Not surprising kids lost interest.
Computers used to be a fun hobby that was easy to get into. Now a decade of innovation in hardware/software on, computers and code are so varied and complex that the hobbyist/tinkerer aspect is all but gone and the damn things are appliances.
Computers used to be a fun hobby that was easy to get into. Now a decade of innovation in hardware/software on, computers and code are so varied and complex that the hobbyist/tinkerer aspect is all but gone and the damn things are appliances.
I wonder if its fear that keeps them away. Fear that you'd majorly fuck up and bring down the corporation's network due to hackers smarter than you, with the public wielding pitchforks and torches demanding the head of the cybersecurity "experts".
Cybersecurity is the opposite of weather reporting. You can be wrong all the time in one of the two careers.
Cybersecurity is the opposite of weather reporting. You can be wrong all the time in one of the two careers.
As a CS Security Major, the reason is that there is too much liability and stress and blurred job roles. It's also a hard and dynamic job.
*****Incoming *rant*
I know people in this industry and the stories are all the same.
If the 4chan script kiddies decided to take your companies site down, you are suddenly at fault for it and it's damn near impossible to have the resources to fight against it as one lonely security guy.
Then you are bombarded by directors and time wasting meetings of companies bringing in appliances that will increase security. It's all smoke, mirrors, and bullshit. I can get the same thing out of an OpenBSD box and some PF .configs
The whole being the sole responsible party is really taxing on morale as well. Being dragged into a meeting and they are all Well why did this website launch go really badly and why did this get defaced or why did this leak. (side note being blamed because people email other people with internal stuff is annoying. I can't prevent stupidity) Usually it's just one guy or lady... because security persons are passively egotistic and think their methods are the best, and the truth is, security in programing and networking is very very very very immature and very trial and error. It gets outdated soo fast. No one is willing to sit down and brainstorm and come up with new stuff.
Then you get nagged about shit that isn't your problem. "oh the database is down", "I deleted my .pst, I think it was hacked..." Um, call the help desk that's not my job. Same with "why did this launch website go down, you should of prevented it" Well, security and 1,600 complex queries a second are two different things and isn't my title.
Then you have the fucking douche-bag Network Admins that all feel you are impeding on their job... None of them ever want to sit down and make a plan. at some point you just eventually get the routing passwords and start changing shit yourself because they think they know security.
^this mandatory action gets you ostracized by your department. New servers start going in with out your consent and it all goes to shit and you are blamed for it going bad. Or they set it up and it doesn't work, because I'm the bad guy blocking port 8080 from external ip's.
Also, you have the issue that after about 5 months most of the changes are in place and everything is good, so you have nothing to do and are let go, or made a unix admin, or in some cases a phone admin, or they start routing you support calls.
This is were it gets good...
So, at some point you are just testing some stuff against the basics and then you find a SQL injection that can return employees emails and other data... Fill out the action report and submit it. Next day you are called into meeting and you are written up for malicious damage to the company.
*******Gahhh.... /rant
The reason why no one wants these jobs is because most older established companies that are trying to fill these positions don't know what the job is or how it needs to be operated. Until then, I'll sit here and let my knowledge become outdated and maintain legacy software.
*****Incoming *rant*
I know people in this industry and the stories are all the same.
If the 4chan script kiddies decided to take your companies site down, you are suddenly at fault for it and it's damn near impossible to have the resources to fight against it as one lonely security guy.
Then you are bombarded by directors and time wasting meetings of companies bringing in appliances that will increase security. It's all smoke, mirrors, and bullshit. I can get the same thing out of an OpenBSD box and some PF .configs
The whole being the sole responsible party is really taxing on morale as well. Being dragged into a meeting and they are all Well why did this website launch go really badly and why did this get defaced or why did this leak. (side note being blamed because people email other people with internal stuff is annoying. I can't prevent stupidity) Usually it's just one guy or lady... because security persons are passively egotistic and think their methods are the best, and the truth is, security in programing and networking is very very very very immature and very trial and error. It gets outdated soo fast. No one is willing to sit down and brainstorm and come up with new stuff.
Then you get nagged about shit that isn't your problem. "oh the database is down", "I deleted my .pst, I think it was hacked..." Um, call the help desk that's not my job. Same with "why did this launch website go down, you should of prevented it" Well, security and 1,600 complex queries a second are two different things and isn't my title.
Then you have the fucking douche-bag Network Admins that all feel you are impeding on their job... None of them ever want to sit down and make a plan. at some point you just eventually get the routing passwords and start changing shit yourself because they think they know security.
^this mandatory action gets you ostracized by your department. New servers start going in with out your consent and it all goes to shit and you are blamed for it going bad. Or they set it up and it doesn't work, because I'm the bad guy blocking port 8080 from external ip's.
Also, you have the issue that after about 5 months most of the changes are in place and everything is good, so you have nothing to do and are let go, or made a unix admin, or in some cases a phone admin, or they start routing you support calls.
This is were it gets good...
So, at some point you are just testing some stuff against the basics and then you find a SQL injection that can return employees emails and other data... Fill out the action report and submit it. Next day you are called into meeting and you are written up for malicious damage to the company.
*******Gahhh.... /rant
The reason why no one wants these jobs is because most older established companies that are trying to fill these positions don't know what the job is or how it needs to be operated. Until then, I'll sit here and let my knowledge become outdated and maintain legacy software.
atp1916
[H]ard|DCoTM x1
- Joined
- Jun 18, 2004
- Messages
- 5,004
Oh yeah. There ain't no "entry level" here.
so does everyone..
I don't understand your logic. If there is more variation then there are more to tinker with. It's closed platforms that kill tinkering. I mean, that's the point of them, isn't it?
@@dmin: Awesome post.
atp1916
[H]ard|DCoTM x1
- Joined
- Jun 18, 2004
- Messages
- 5,004
A standard CS or SE Network / IA domain degree would work.
Twisted Kidney
Supreme [H]ardness
- Joined
- Mar 18, 2013
- Messages
- 4,099
I know an ex-cop who worked with a sex crimes unit for his last six years on the force up until he retired early.
It takes a pretty strong stomach to do that job and it did him in.
EchtoGammut
2[H]4U
- Joined
- May 7, 2007
- Messages
- 4,055
This is pretty much spot on and the reason there are very few full time cyber security specialists... most are contractors or consultants. The funny thing is that rant is almost an identical one that I read from a DBA a few years back. Companies not understanding what their IT staff does and internal infighting is why IT is so dysfunctional. Furthermore, I have never seen an entry level cyber security job opening (outside of healthcare and the pre-reqs added up to a person with 5 years despite what the listing said).
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
There's less to tinker with, as the systems have gotten complicated beyond the need or want of tinkering, IMHO.
Most games these days? Far better graphically/etc. than 10-20 years back. Most games similarly have MUCH less tweakability and moddability than 10-20 years back. Think Mass Effect series games compared to Knights of the Old Republic #1 or Half Life. Half the fun in those old games was being able to create and mod the content and config files, and thereby learn how the game and code interacted, that seldom is allowed anymore outside of Fallout-genre games.
These days...You buy an SSD/HDD/GPU/RAM/sound-card/printer, plug it in and go automagically 95% of the time. No fucking around with .cab or .dll files or needing to alter .INI config files, you seldom even need to learn the website of the manufacturer to get drivers. Minimal need or real want to tweak anything beyond very surface level GUI parameters. No need to learn command-line syntax and use. No need to learn or know what an IRQ is, very little need to really understand how user permissions work. You want to install an OS? Throw in a DVD, click the mouse a couple times, and you're done.
There's very little left that really needs or can inspire a hobbyist's mindset in computing at home these days. About the only thing that isn't always simple-stupid plug'n'play is setting up a LAN. Although networking too has made huge strides in being KISS in the last handful of years. Overclocking these days is seldom really needed, and even when it is-it is so KISS with LGA1155 and above chips that it requires no thought or understanding.
For kids these days, there's VERY little need for them to tinker and learn a computer system outside of Android cellphone handsets....cellphones are currently the last really wild frontier for tinkering for kids who want to get into computers/code. There's also ofc normal desktop *nix, but let us face it-99% of people have no need or desire to really tinker with a desktop Linux install as of now.
You want to tinker Windows or OSX at anything beyond a very surface level...you're going to need a few text books on a few computer programming languages/APIs to get started, as there is simply that much to know today. And when there's an entire profession's worth of knowledge to learn just to tinker, that is when it ceases being "fun" and "tinkering" for most people and becomes "work".
Not a problem anymore. Remember Uncle Sam is going to offer "Insurance", that exempts them from civil liability, to businesses that meet Federal IA requirements. So as long as the business stays current with the Fed's IA certification program then they can't be sued.
That means when Java X.x still has known vulnerabilities which the vendor obviously hasn't patched yet, and the Fed's scan says it's a known vulnerability but there is no fix, they are considered compliant because they have done everything they can do until the vendor fixes the problem. Of course this doesn't help you with the damages you have incurred because of the data loss. The Fed's just look at you and say "though cookies".
And somehow I don't think this approach will put any more pressure on Sun, or whoever, to patch their product vulnerabilities. In fact it would seem all the pressure is off, because now the Fed's protect the businesses and the businesses just tell the little guy to get fucked, which we can see has already happened.
Cause you don't go straight into these kinds of jobs. You get your start in a related field while you work on the certs you need for the IA job. The normal is you get your Net+ and Sec+ and get a job somewhere pulling cable or whatever. A starter Job. While you are there finish your college if you haven't got your BA yet or skip it if you think you can for awhile. But you move into a Network Admin position or a Sysadmin spot. By now you are close to your 5 years and hopefully you have your CISSP or something similar and you start looking for the low to intermediate IA/Cyber Security positions, etc...
Of course, a different route is to sign on with the Military, I recommend the Air Force, they have the best IT reputation going out of the services. You'll pick up a security clearance along with the training while earning a paycheck and more money for school. Four years will set you up nicely and you can move right on into some contractor positions which will pay at least $70K+ depending on the job and location. Then when you have all your certs and job experience off you go wherever you want.
It's an option.
TechLarry
RIP [H] Brother - June 1, 2022
- Joined
- Aug 9, 2005
- Messages
- 30,481
They aren't worried. The Government will take care of them.
Ohh, BTW, if you have that 4 year degree in IT work before you sign up then you can work your way into a Commissioned Officer or Warrant Officer position, then you'll swing a better job as a contractor probably, and that'll make you look even sweeter to the civilian businesses out in the world if you make a complete break.
WorldExclusive
[H]F Junkie
- Joined
- Apr 26, 2009
- Messages
- 11,548
That's what I'll say a big NO to.
I've been saying for years the whole enthusiast, hobbyist side of computers is practically DEAD. Now days it brain dead easy to build, configure, overclock, cool, test and do everything with them them. Everything plug and play. It's all about marketing and buzzwords. Overclocking is meaningless, Intel and AMD take that into account when they sell them. We think were doing something special and gaining extra unpaid for performance..uh no..its all been engineered, planned and marketed that way.
Today what important is who has the the most money or credit to buy the most expensive gear and the nicest colors, lights and windowed cases. Lightened keyboards, and bling. Looks great! LOL wtf?..
Now days it's so gaming, video, media centric, back in the day it was about the whole computing experience.
It use to be more about taking the cheapest or average gear and make it as fast and perform as the most expensive stuff in all kinds of creative ways. That's what enthusiasts USE to do.
Now its just mostly boring..go buy expensive parts, build and slap together in a few hours. Don't forget to make it tidy! lol Someone might wan to come over and have a look! haha. gotta show it off ..
/drunken rant over
This is true. For me it started with needing to edit the sysconfig and autoexec files just to get the game to run. A year or so ago I installed Win7 on three systems in my house and I had a network with printer running before I could blink. Thank god I started over 20 years ago or I wouldn't have learned a thing with today's systems and software. The crazy thing is, it's still just 1s and 0s and all that old shit still applies to one degree or another, it's still valuable.
Manaknight
Supreme [H]ardness
- Joined
- Jun 6, 2005
- Messages
- 5,446
you forgot the other side of the coin...when a company is too cheap to hire a guy like you and suddenly the lone IT guy or IT duo are suddenly help desk, network admin, and NSA level security specialist...oh yeah no classes or certs covered by company and no pay increase..have at it and no breaches....and then it basically cycles through the rest of your list.
Twisted Kidney
Supreme [H]ardness
- Joined
- Mar 18, 2013
- Messages
- 4,099
"Go into technology!" they said.
"Sure!" Gen X Said.
"Job for life!" They said.
"Awesome!" Gen X said.
"This is Rajesh, he'll be replacing you working from our new Delhi office. We're going to save so much money!" They said.
"FFFFuuuu." Gen X said.
Good on them, don't get scammed into joining the temporary workforce, go learn a trade or become a pick pocket, I MEAN busker.
I'm a builder now.
"Sure!" Gen X Said.
"Job for life!" They said.
"Awesome!" Gen X said.
"This is Rajesh, he'll be replacing you working from our new Delhi office. We're going to save so much money!" They said.
"FFFFuuuu." Gen X said.
Good on them, don't get scammed into joining the temporary workforce, go learn a trade or become a pick pocket, I MEAN busker.
I'm a builder now.