I see a lot of young people that want to get a job in cybersecurity, and whenever possible I am trying to talk with them in order to understand what makes them to want to get into this industry. Is it passion for IT security or is it just the growing salaries in this market? Unfortunately, it seems that getting a job into this area is becoming a trend while there is no real motivation for knowledge.
It really makes me sad when I see a person in his early 20s to only think about money. On the other hand, I also appreciate the fact that not everyone wants the same things from life, and for that reason I am not judging anyone. What is however important in any case, is how you get there. Putting things in the right order is the best way to go. These are just personal points of view. I am not trying to tell anyone what is right or wrong. I am only expressing my opinions, and you can agree or disagree. :)
The following are some of the things I hear quite often from people that come straight of the university.
1. I just want money, and infosec pays well!
It might be true that this industry pays well, but this is not something given. Going after the money, assuming that someone will just give it to you, it’s as naive as it gets. Nobody is going to hire you just to pay you more.
Companies pay more for someone that can bring more in. What you have to realize is that at the end of the financial year, your salary is just an expense for the company. The asset and the real value is you and the skills that come along with you. So, thinking that a company is going to increase their expenses just to pay you more makes no fucking sense. You need to turn that expense into an investment. The sooner you realize this, the better for you.
What companies pay for, are skills. By focusing on the money you won’t get any of that. Focus on the skills instead. Try to make yourself valuable, but do it for you, not to get paid more. However, in order to do that you really need to love and care about your job. Once you are good at something, someone will pay you to do it. You can bet on that. Seeking knowledge and skills will bring money on the table soon or later.
Looking just for the money it will probably bring neither of the two, and if by luck you manage to get the money, you can be sure that you are going to be bored to death. In the end of the day, you will either get a role that is only paid well because nobody else want to do it, or because they need someone to work under 10 meters of ice in the south pole.
Unless you win the lottery, there is no easy money. Keep that in mind!
2. If I get that certification, I will get more money!
Right. Again, you need to realize the real reasons behind the fact that a certain certification might you give you an opportunity for a higher salary. Remember what I have said above. Your salary is just an expense. What happens though in this case, is that you certification might bring more customers in, hence more money to the company. So, you might be getting paid slightly more, just because now you can bring some more money in, but this doesn’t really make you that valuable.
Next day, a guy with that certification, straight out of the uni and with 10 times more skills walks in and suddenly you are not that valuable anymore. What will probably happen, is that you will see the new guy jumping over you in a matter of a year or two and you will be sitting there thinking about ‘what the hell just happened’. You have the same certification, but now the other guy is suddenly getting paid 30% more than you do. Surprise!
Like every other thing in life, certifications are really valuable to you if you are able to recognize their real value. No certification can reflect the real skills and knowledge behind an individual. Some certifications might prove that you have the minimum set of skills required to do a specific task, but really that’s all what it is about. If you think you are awesome just because you have a certification, you are probably drunk or brain damaged.
I have heard, and seen people being treated based on the certifications they have. Seriously, if that’s your manager and/or your colleagues, then you are probably in the wrong place, and you should be getting the hell out of there before they turn you into a brain-zombie like they are. Just get the fuck out!
3. I want to become a manager!
Good for you, but the people you are going to manage they are expecting you to have been ‘there’ before them. Depending on who you are going to manage, you are going to be needing a specific set of skills. If you really think that because you have an MSc in inormation security you are going to get paid more to manage a team of techies, you must be out of your mind. These guys will eat you for breakfast before you even finish you first day ‘Good Mo….’.
Seriously, imagine yourself enjoying your job doing something technical that you really love and then one day a guy walks in with no fucking clue about what you are doing and all the sacrifices you did to get there, and now that guy is going to judge the quality of your work. Good luck with that! Seriously, the end of this story would be so obvious, that there isn’t much to talk about.
As mentioned already, these are just personal points of view. However, if you think that what you have read here is just common sense, then you might be on the right path to enjoy your future career in cybersecurity. ;0)