ฝัง
- เผยแพร่เมื่อ 27 มิ.ย. 2024
- Ever wondered what the dark reality of working in cyber security is? Is it what you expected? Let me know in the comments!
Welcome to Mad Hat. I'm a Cyber Security Analyst at an undisclosed Fortune 500 company. Here, we talk about tips and tricks on how to land a successful career in tech. If you are interested, make sure to hit that subscribe button!
Cybersecurity Certification Study Resources
CISSP Study Guide - amzn.to/3LmjOLM
CISSP Practice Tests - amzn.to/3oreDRO
Security+ Study Guide - amzn.to/3mTGPwg
A+ Study Guide - amzn.to/3KWS27n
Check Out My Setup
Gaming Chair - amzn.to/3V0nAhg
Monitors - amzn.to/3L1DVgT
Mouse - amzn.to/3H6A5Su
Keyboard - amzn.to/3mNXLVa
Microphone - amzn.to/40BQPId
Camera - amzn.to/41BqwmX
Disclaimer: Some links are affiliate links.
Filmed with an old dell laptop
reality of working in cyber security
what its really like working in cyber security
what its like working in cyber security
what is it like working in cyber security
reality of working in cybersecurity
whats it like working in cyber security
experience working in cyber security
my experience in cyber security
cons of working in cyber security
downsides of working in cyber security
why you shouldnt work in cyber security
should you work in cyber security
should i work in cyber security
is cyber security a good career option
is cyber security still a good career option
what its really like working in cybersecurity
MAD HAT
Cyber Security Professional - All Things Tech
#DayInTheLife #CyberSecurity #SOCAnalyst
#IncidentResponse #WorkFromHome #madhat - วิทยาศาสตร์และเทคโนโลยี
![[HIGHLIGHT] หมีLIVEปะ? | EP.171 เห็นแต่ในจอ วันนี้มาต้องขอคารวะ](http://i.ytimg.com/vi/gPWLxa0e_Z8/mqdefault.jpg)
“If you think the cost of success is too high, wait until you get the bill from regret”
idc how stressful or boring this career can be. I’ll bare it all on my shoulders if it means providing a better life for my family
It can make money, what I have found is people have to LOVE this. If you don’t love it, the example of that one person not being able to or wanting to learn anything new becomes a reality. Anxiety and risk isn’t too bad, it’s not actually loving IT and cyber security.
this. or just being able to even see my family. I work 7x12's in a factory as an industrial maintenance technician. Would like to make good money with better work/life balance
I agree. Cybersecurity is boring if you're explaining it to someone, not in the industry. Once you start to chat with those in the industry who know their stuff, you get excited and all glowy. Lol, at least from my experience. The learning part is a must. Heck, I even went back to learn Operating Systems a few days ago as a refresher, constantly learning new tools and so on. People hear that they can make an “X” amount in the industry and hop on without understanding the nature of the job or even taking time to understand the basics. Everyone wants the quick big bucks with little effort. I interviewed a guy, asked him a question based on his resume, and he was all over the place. I began to wonder if he even built his own resume.
I've definitely guilty of forgetting most of what I learned in my degree. It's unfortunate having to refresh and relearn but unless you're working with the tools, concepts, exploits, etc. it's hard to retain the info. There's too much to learn! Have to specialize 😅
@@madhatistaken Lol, same here, sir! You're right!!! Too much to learn, too many resources that can make you burn out
I appreciate how open you are in your videos. As a computer science student leaning into cybersecurity, these give me something other than all the internet hype noise.
Very honest video. I'm currently in a IT support position (help desk) and I know exactly the type of person you described. I'm currently training for Sec+ and hope to take the exam in 6 to 8 weeks.
Best of luck in your studies! 💚
Messer practice exams helped me a lot. I would take one, score it, shore up the weak areas with focused study, and repeat. Once I was hitting 90% or above, I went in for the exam and passed. Keep grinding; it can be done!
@madhatistaken I failed sec+ 3 times and got demotivated. Is this normal thing. Any advice?
@@omicronceti6063 I haven’t taken security +, but I will say, try and find out where you went wrong in the exam or the studying. Most importantly, never give up and keep at it.
@@omicronceti6063 Try CompTIA's learn + labs. Haven't taken the exam yet, but it's CompTIA's tailor-made course for security+. It goes far more in-depth than the free courses you find on yt, with examples, videos, interactive labs, performance-based questions.
I am currently doing CompTIA labs for network+ and security+. And let me tell you, both labs just about have the same content. Goes to show you how important network knowledge is for securing networks. Labs having to do with packet capturing and analysis, configuring firewalls, knowing ports and protocols, ipv4 and ipv6 knowledge, 802.11. There is a lot of crossover and correlation, so much that, network knowledge is paramount to helping you understand security principles and concepts. I would double down on network knowledge to shore up any weaknesses in security knowledge.
Doing same, and yes, it's alot of the same stuff
I agree. The name of the game in any security position, is to continue growing. The more you invest in yourself and up-skilling, the more fortuitous you become.
Have to respect the grind, everyone wants a golden ticket to big money but don't see what it takes to get there. Hopefully I can help explain the process 😅
So, I just got a job as a SOC analyst. I'm starting in a week. While I have some knowledge, I don't have any prior experience, such as help desk or internships. The recruiters are aware of this, but I'm still worried that they might let me go after a month or so. The reason for my concern is that I performed well in the interview and on the task they gave me, and the technical recruiter gave great feedback to the manager (that's what I've been told). However, I can't seem to stop worrying. What should I do? What would be your advice? By the way, I love your content! You're definitely the most entertaining cybersecurity content creator, by far.
Thank you for the kind words! 💚 Tbh, I'm 6 months in and I'm more scared of losing my job now more than when I started. My best advise is to be obviously interested in learning as much as you can, be neurotically careful about closing out alerts as not malicious, and if you're unsure ask questions. It's better to ask a question and risk looking like you don't know anything than not asking and letting something really bad onto the network. By asking questions, I've gotten more comfortable with what is considered benign behavior, however my fear of getting canned is still there. I'm naturally a goofy person, so I crack jokes and try to talk to my coworkers/superiors so I can at the very least be on friendly terms if I royally screw up. Hope that helps some 😅Big congratz on the new position! #cyberarmy
Imposter syndrome is real and even those who have been in the industry for decades attest to still having it. There is no one way to fight it all most will say is Be confident in what you know and not be afraid to admit when you dont
Thanks for advice. That means a lot for me. I'll try to do my best and I will put effort. I hope you'll keep your job too do that you can keep making great content!
@@markiz1807 🤞🤞🤞 We got this all the way to senior positions!
@@madhatistaken Exactly: ASK.
I had a "job-interview-phsyco-test" a long time ago. There was a question: "do you sometimes talk about things you dont know [sh** about]?".
Since this day i started actively saying "i dont know" when i actually do not know (in private conversations and job).
Next thing you do is ask or look up the information,. if you care.
And if you care you wont loose your job =)
I just discovered your TH-cam channel and it is one of the best. It is always nice to see someone presenting the reality about the Cybersecurity field. Thanks for doing that.
Thank you! I'm trying to make helpful somewhat entertaining stuff for folks 💚
Thanks for being true. I am also an Cyber security analyst from 8 yrs and from this time I spent I can tell that it is not all that glittery.
Good to have you back bro. Thanks for the knowledge.
Bro! Preach! Loving the content! ✌🏽😎
Appreciate the transparency good sir!
Keeping it real as always! Thank you 🔥
Thank you for watching! 💚
I am an IT Support Specialist and have been doing more Systems Administration duties. I will be pivoting to an IT Security Analyst role, I have been doing some security duties already such as managing our WAF as an example but one of the things I just did was talk to my new boss about getting the CySA+
That's a solid starting cert for security analyst roles! Best of luck in your studies!
Really love your channel man. I just started in cloud security after graduation, your videos are inspiring ❤.
I've seen this before, I think a lot of people want to get into Cybersecurity because A.) It sounds cool and awesome and B.) It's a very well paying job. I've seen folks even lie about thier experiences. Had a woman who supposedly had a couple certifications but had trouble even logging onto a VPN. She was fired two weeks later.
I get that it can be boring but one thing I will tell folks is to keep studying other fields of Cybersecurity like you mentioned. You should definitely be looking for a specialization.
I kind of equate it to my old profession in law enforcement. Everyone thinks its fun and awesome but 99% of its boring, paperwork till you die and 1% of sheer terror and excitement. You make some great points. If people really got a taste of what we did, I believe most would of turned away but then again hind sight is 20/20
Paperwork makes the dream work? That sounds right 😅 I've definitely had my fair share of experiences with people who treat work like a burden rather than a learning opportunity. Even my retail jobs taught me how to appease customers/clients which can go far in certain fields. It seems like it's inevitable to get those bad eggs in every field who don't want to better themselves but feel entitled to the position/pay, but if we're lucky we have managers who sus out the bad eggs semi quickly. All we can do is better ourselves and become so invaluable that companies will be fighting to hire you 💚
@@madhatistaken I completely agree. The only person you should be in competition with is yourself. Great content by the ways! I always get a chuckle watching your skits.
My man keeping it real!!
Love the info ! thank you very much ! Do you think its possible to get a SOC Analyst position in Europe for a US company ?
Thanks for giving me idea on what i want to be after graduating my computer science.... I'm now going to 3rd year college I still need to learn many stuff and i hope my future self would made it.
Great videos!!!
Inspiring video, I appreciate you sharing the truth about cybersecurity, you definitely have to have a passion for it, if not it will be a failing pursuit. Thank you again, and keep the videos coming. Btw, what is your experience working remote, like your schedule? I was offered a position at Michelin Tire for SOC analyst. My work schedule was three days at home, and two report meetings onsite. I was just curious.
Thank you for the kind words! My schedule is fully remote luckily (I'm spoiled). Several of my coworkers and bosses were slapped with a mandatory 4 days in office, 1 day home email (previously 3 days in office) a week ago. I'm trying to find another higher paying position working fully remote, but I'm finding I may need to snag a few certs to stand a chance...
@@madhatistaken sounds like a comfortable schedule 👍🏼
I am in the process of achieving more certs, which seems to be the path of stepping up a level. 🤷🏽
Love your videos, keep it up
Thank you for watching! I'll keep keepin on 💚
This video was great imo! I really do feel that this field is for me, I'm very patient and work well with others who are willing to work too + I love to learn something new everyday and love staring at my computer screen haha, I just wish I had the resources (money) to get there.. :/
Hi Mad Hat, great video as always.
Your joke about starring at the screen for 12H, I will add it to my cover letter 😁 I dont mind starring at the screen for 12 hours a day, I have been doing for the last 9 years😅
I’m digging your videos and the real world examples you give. I’m also liking the WoW gameplay at 0:29 lol
I love the quality and honesty in your content
Very insightful
I am changing my field after 10 yrs from another field.
Very well conducted
Wish we can connect sometime 😮😊
Regards
Thank you for your kind words. 💚 Best of luck in your career change!
May we connext pls
I am also unable to subscribe to coursera plus in your other video of "how i would start cybersecurity from start if i started new again " @madhatistaken
I saw in another video you had a friend who got into cloud engineering after getting an Azure cert or certs. How's that going for him? I'm on help desk currently but want to expand. I have a few certs under my belt like Security+, Network+, AZ-900. Just looking at the options here and cloud will only get bigger, I am wondering if I should just pursue that route, as what you've outlined here, while security is appealing, there are some things that make it unappealing as well (kinda having to live and breathe the job, not much tolerance for mistakes, etc.) so I'm thinking on another path.
He's still in the role as far as I can tell from his LinkedIn. He quit a few months before I did, so he's been in it for a year. I know he's excelling based on how fast he picked things up at our last job. If you want to pursue the cloud you can certainly build on your Azure certs and get the higher up associate/expert ones.
@@madhatistaken Thanks. Do you know if he has the CCNA, or if you think that would be a good add for that career path?
@SorikuXIII As long as you have a good grasp of networking it's uneeded in cloud since most cloud roles aren't going to revolve around Cisco. He didn't have any network certs as far as I knew or his LinkedIn profile shows. He had a bachelor's in criminal justice and a couple Microsoft certs, one of the fundamentals and an associate one.
@@madhatistaken interesting. My thought is it might be easier to get into that administrator type side if say you get the CCNA and land a network type role (or at least anything above help desk lol) so you can touch more of that stuff. I would think the same may apply (to an extent) to security. But who knows
So I’m kind of interested in the field, but at the same time I know my knowledge of even just computer science is super shallow rn as I’m only just a university student.
But my school doesn’t offer anything related, how would you recommend someone like me just learn a bit more about the basics or to get my foot in the door?
I have my sec+ and a security clearance from the national guard. A few months ago I landed my first IT job at a help desk. Tons of learning going on. I want to split off into CS work hopefully after the holidays. These videos are scary and relieving at the same time. Any vets wanna give some advice here? (Vets in terms of military AND people who have seen things in the industry. Lol)
1:40 got me man I almost spit out my drink
😅
Love that psy in the background
Thank you !!
Thank you for watching!! 💚
What is the actual boring side you speak of though? Just putting up with help desk stuff or what? Like I get we wont be hacking right away or doing movie stuff and hell, i was in the army so I know all about maintaining certs and stuff like that but is there anything specific you are referring to?
Ayo bro you’re huuuuuge
What’s you’re gym regiment?
Great info too!!
Lately, I haven't been going very strict, but I've done a 4 day split for years. Chest/tri, back/bi, shoulders, legs. I also worked for a moving company through college, which probably added a bit of size 😅
@@madhatistaken you look great despite your break :]
Great content too, keep it up :p
Security is not static is dynamic, thinking about security policies, security in software and network architecture and then security in logging and monitoring, reading hacker forums , hacker chat , 0 day exploits, sometimes i think that many security problems is by the design of the software and cloud vendors.
I've heard it said that there is more money in hiring than retention. Do you think that's the case with tech and the high turnover?
I think for larger organizations the hiring cost goes down significantly as paying someone for a few months while they get their bearings is just one of potentially hundreds or thousands of salaries vs a smaller company with say 20 employees. But regardless of size, I imagine that holds true for the hard to fill positions (mid to senior) with beginner roles being close to the same cost for hiring vs retaining. You've peaked my interest and may have to research/ make a video about it 😅
i admit i am a little scared but its a risk i'm willing to take. thank you for the video!
I’m trying to learn what I can to land a SOC role. In time I’ll find something. I just want out of my current career.
I was recently speaking with two high level executives at a large software company. They each said they see more and more people coming out of four year programs that cannot answer basic security technical questions. That was surprising, but if you review some of these free cyber security interview prep lists, and practice and can answer correctly and confidently, you should do well. In the interview. Now for performance on the job, you need to have built up a set of projects to gain practical, working experience. Now, this could be done at a home lab, or by volunteering to assist an organization that cannot afford MaaS, and so on. Good luck!
Cybersecurity is way more interesting when you consider the physical barriers aspect of it. People can just steal the assets instead of hacking them.
Everyone say you need to stay current and keep learning. How do you personally stay relevant? Certs is good for skills but does not stay on top of emerging threats or new techniques/ technology. Any thoughts?
Podcasts, news boards, twitter feeds, and stuff like that lets you know what the new threats are. You have to do deep research into the new threats to determine how it may affect your organization. If there's a new zero day vulnerability to a specific system you need to check your environment to see if that vulnerability can be used. If it's a new malware then break it down and see how it works so you can implement detections for it. If there's a new phishing tactic, let everyone on your team know, and maybe put in additional blocks for certain IoC's. Stuff like that keeps you on top of emerging threats. It's a lot collaboration between security professionals online. I am just starting out and I'm just pointing out what I've encountered so far 😅
@@madhatistaken thank you, appreciate the response.
@@trickwheel Thank you for watching! 💚
Jack Rysider is fun to listen for stories, BlackHat is a good channel for very technical cyber attacks discovered by researchers in the field, CyberWire is also a good podcast, and there’s also DEF CON, I’d also suggest searching individual terms you don’t understand when listening to better grasp concepts overtime cause things will sound like sci-fi jargon until broken down
@@madhatistaken How do you explain a new phishing tactic to the average employee?
I once started writing down what i wanted them to know, but stopped when i was on like page 5 :D
At the end i tried to let them know that every email can be fraud, and no attachment should be opened (works "well" ofc).
In "my dreams" all emails would be delivered as text only without any attachment. But in reality ... in reality i just hope for the best :)
So, do you have something like training days for employees, or do they just get a note?
in a few days I start my first job as a pentester, and it's really very stressful, because I'm always worried about not meeting expectations, but lets go hahah
Confidence is crucial! 😅 Even if you doubt everything you're doing like I do. I still try to act confident around my boss.
Why is it hard getting an entry level job? I'm even ready to work for free 😢. I have an MSc in Information Technology, a Bsc Information Technology. Have taken courses and tons of courses. I have even setup my own lab, feeble around with my lab and network, practised on try THM.
What's the way forward?.
When many of these complex jobs being boycott by people, either they will use ai to take over or combining them with other jobs like networking.
Who's boycotting? People who need 25 min dump breaks at work?
We'll have to change positions laterally to AI security engineers 😅
@@bobanmilisavljevic7857 🤣😂
@@madhatistakenYes because we definitely don't want a resident evil scenario to happen.😅
Love this ❤😂
If infosec jobs were paid commensurate with the risk they manage and the value of what they’re guarding (and the cost of the tools they use to detect and prevent attacks), every engineer should be getting 300-500k.
There's some Ciso's making that 😅 but, us cogs in the machine only get a small piece of the pie.
@@madhatistaken well fortunately it’s also not our heads that roll if there’s a hack.
@@AnthonyBolognese710 That's true, the silver lining 😅
When I was in high school I used to sit and stare at the screen watching music and movie files download at 56Kbps. Sometimes I made it a game and guess which file would download before the rest. You think I have the patience for cybersecurity?
i hope i can find cybersecurity internships during the years while in online college. might go to asu or osu but im also gonna be doing the google cybersecurity certification while in school. i wanted to do a work-study but i seen that i would have to be experienced so 💔
really wanna strive to get my phd in compsci with a concentration on cybersecurity
Twelve hours a day? Five days a week? Or four 10's kind of thing?
You said in a prior video that you were working from home? is that still the case?
Indeed it is! I still work from home 😁
@@madhatistaken Ah. Thanks for the reply. Your interacting with coworkers confused me some. I imagined you in am office. Good to hear.
so youre telling me that an guy in an small red car is not gonna show up and asked me to rom an mint because im in cybersecurity
One day, you will be promoted to passive aggressively tossing spreadsheets at your colleagues and attending 2-hour meetings about the format of said spreadsheets. You have a lot to look forward to!
Maybe one day! 😅 I love spreadsheets!
Thanks for the content my good sir. I’m making the (or attempting to) transition from Law Enforcement to Cyber Security. My only pertinent background experience would be with detailed investigations for the physical side of things, and writing subpoenas or warrants for IP addresses that always seem to come from outside of the country.
My passion for this field comes from those experiences though. The protection of data is something that I could see myself enjoying. I made the unpopular decision to enroll in a boot camp to kick off my knowledge and “experience”.
Looking forward to following your journey, while also updating you on mine!
P.S. I really appreciated the TryHackMe video. Please continue that :)
Thank you for watching! 💚 Keep us posted on your career progress! Sounds like you have a solid start on the networking side of things. I'll be posting another TryHackMe vid soon 😅 aiming for once or twice a week videos for the series.
Former Law enforcement officer here as well. You can do it! I recently transitioned almost two years ago and never looked back. Definitely know networking and Cybersecurity concepts, they will be most of your bread and butter.
@@ThePatheticPenTester Hey!! Thanks for the advice. What role did you first transition to when you left Law Enforcement? Was it some type of entry level help desk to start networking, or were you able to obtain an SOC role right off the bat?
@@SternalJet So I started as a triage analyst working in Data Loss Prevention (DLP) and then moved up to a Secruity Solutions Analyst which is a fancy way to say SOC Analyst but without the pay.
Found a new position as a Cybersecurity Analyst with a different company making way more money. I only hold a Security + certification right now and it's honestly the thing that got me pass the HR gatekeepers.
Experience is king in this field. Definitely look at entry level Cybersecurity roles and get after them, most people will tell Cybersecurity is not entry level but ignore them.
Get at least the Security + and start doing all the free stuff first if you can. There is a plethora of courses and videos you can watch for free dollars.
Build your foundation and if you haven't yet create a LinkedIn and post any and all labs, courses and certifications you achieved. Hope this helps.
good for you of getting out of that gang. i can only imagine how insaely hard of a life decision that is of leaving a thug gang
I hate how most businesses people have the mindset of "we'll deal with it when something bad happens"...like...let's try to prevent it?
P.s. the japanese backdrop haha
False positives enough said pain the ass
So what you're saying is... No matrix like code in black and green?
That's only for the few elite that work in the shadows
@@madhatistaken you mean like stux net developers?
Yea most of these damn TH-camrs have overhyped the field and a lot of people are realizing how technically the job is and how difficult it can really be.
i like your videos bro
💚
max is 120k
Do you believe IT is gonna fall as a whole when quantum computers become available in 2030? Cryptography as an example can be broke in a matter of minutes
There's cryptography that is resistant to quantum computing. I think we'll have to start battling quantum computing with quantum computing in cyber to keep up, but there's a lot of tools and security architecture that will become obsolete. It won't happen overnight and the transition will happen over many years. One can only hope whoever is able to access the first few stable quantum computers doesn't use for "EVILLLL" 😅
@@madhatistaken man stuff is getting weird, I found a channel speaking about the D-Wave computer with A.I. integrated. Dude spoke about god like knowledge this computer will have. Being zero and one at the same time they managed to open portals, weird weird stuff. I want to start studying cybersecurity but I am worried I have to tear down my diploma in few years if we all need to study everything again since the technology involved can be so different.
There is already cryptography against quantum computing ironically
You’ve made me actually comment on a video, that’s when I know you got some real shit you’re talking about
Honestly, I think I would rather do the paperwork because I don't have to worry about getting hacked by black hackers as much as the others.😅 My (stress) would be the actual fun stuff. I could be a weirdo like that.☺️
Auditing is a lucrative cyber space to get into!
🤝
most jobs are boring
Haha that 3rd arm. Blue teaming is big. Also, Ryan McBeth posted a video about this v subject. th-cam.com/video/6BrdB4ivOE0/w-d-xo.html&pp=ygUhcnlhbiBtY2JldGggY3liZXJzZWN1cml0eSBwYXkgY3V0
What the hell is this word diarea 😢
Ha! You didn't find it informative?
👏👏👏
haha 🤣
you know its stilll funny looking back everything was just put under "hacker" and it seemed like the coolest thing. for me it was anonymous (this was when i was like 12) still think its dope but for many MANY other reasons.
Just got a job as a trainee SOC analyst for the government. So scared that they're gonna fire me because I have 0 experience and basal level knowledge. Beefing it up with TryHackMe pathways before I start though.
Congrats! 🎉 They hired you cause you must be more competent than you think! Don't let imposter syndrome eat up your confidence like me 😅 ask questions, learn your butt off, and try to make friends with everyone!
@@madhatistaken thanks man 🙏🏽
The selection process was crazy. We just had to play a couple of "games" and get an overall score of 80% or higher. Then just an interview about the reasons for choosing cyber etc etc. And BAM. Someone with a non IT background is in a SOC traineeship. Mind you, this is the actual ministry of defense. The pressure is real 😭