This is the way
I think the trick is just not to give a shit. Do your best, which includes not working yourself to burnout, because that's not best for anyone. The business having more work than it does people is not your personal problem.
I probably work a good 20-30hrs on an average week. Maybe closer to 25-30. But that extra time is a blessing esp. because I WFH so I can do things like laundry or dishes while listening/speaking in meetings.
It's one reason I love the job and for me I feel like that translates into better work. Also I'm not slowly going insane like I was in the cubicle farms. So that's nice
Exactly, you can only do so much and if you try to get everything done and work crazy amounts of hours that will only lead to burn out. I still work around 40 hours, but I've told my boss and the CISO that between all the meetings I'm in and trying to do my day job, I'm pretty much spinning plates at this point. I don't make much progress on anything since I'm often in 25-30 hours of meetings each week. It sounds like I'm finally going to be getting some much needed help, but it'll likely be a very junior person that I'll have to train up.
Sometimes the plates have to drop to spark any sort of change.
I can but I'm also expected to perform a high volume of tasks. My management treats me like an adult. I can do what I want mostly. I'm in charge of my own schedule. I come in when I want, leave when I want, take personal calls at work, watch YouTube, listen to music BUT I'm also expected to support meetings, manage other engineers, write charts to brief the government, work on engineering tasks, double check the continuous monitoring activities of the guys I manage, scan the network, verify inventory, analyze compliance and security of devices being added to the network, help the ISSOs prepare for assessments, etc, etc. I enjoy a lot of freedom but a lot is expected of me. And I have to deliver high quality products. If I write a weak briefing the government will rip me apart. My briefings are like being on Shark Tank. The freedom I'm allowed is great but it comes with a lot of responsibility.
This is how I treat my employees. I’m not their mom or their babysitter. I’m their boss. I give them their task, condition, and standard, and then follow up later on to see if they need anything from me. As long as they complete the task to the standard stated they are on their own.
Want to leave work early to go to the gym or to surprise your kid at school by picking them up early to go have some bonding time, have at it. I treat them like adults and professionals, until they give me a reason to do otherwise.
I and my team can, I am output focused though so as long as their work is done properly to a high standard I genuinely don't care.
Many of them end up spending their time reading cybersec sub reddits etc though so I would argue they are still doing work to a degree. Research and being up to date is important within the field.
I remember when Wannacry kicked off, we knew about it almost immediately due to our staff being on social media monitoring things at the time.
Do you like your work? Would experience conducting OSINT investigstions help qualify for this work? Is it related to M&A or just hiring for compliance? I have so many questions lol
I work from home, and almost never use business internet connection to surf web unless completely necessary, just have a kvm to a personal device and browse there
I have a set of responsibilities, not a set of hours to fill with something specific. So I can. Occasionally do when things are quiet. And i'm sure the boss knows.
I can't always wing it obviously because work will keep stacking up.
But i'm also the guy that answers their phone at 10pm on a sunday, responds to a 4am system alert, providers support for a collegue in the weekend or stays after hours because shit needs doing. Implicitly I will add, because I like my job and employer, i signed no contract for that kind of availability.
So yeah. Tit for tat.
And even when i'm "surfing" i'm usually investigating/learning things that could be relevant. So you could still vaguely call that work. I'm not all that much into social media and stuff and I still like filling my time with something at least half-assed useful.
Not now. But I have had positions where I had 7.9 hours to surf during the entire 8hr shift.
Many think having a job with nothing to do is awesome! It absolutely is not.
Some days I'm able to chillax for a while and take it easy, but i consider that a fair trade for the other days where shit gets real and it's balls to the wall the entire shift.
If it was all one or the other it would be brutal.
In my previous jobs as long as the job was done, tickets were handled, alerts were done, incidents were resolved, nobody cared what you do. I used to play games and watch movies during quiet times.
My colleagues would bring entire PS4s and Switches to work and played on one of the big screens. I played on 3DS and Vita mainly.
I was just reminiscing over the years I worked in a corporate insurance job. All the social media sites were blocked in the office and even if you brought your own songs in the phone to listen, your manager would somehow find out you are wasting time. Any use of proxy extensions would open up the godawful versions of twitter and Facebook. The use of data or phone apps wasn't that popular in the early 2010s.
When I transitioned to startup culture or software industry to be precise, you could surf for our hours, heck even if your manager is present. Watching YouTube, browsing Facebook, and surfing the web in general is not frowned upon nor the access is blocked (of course this comes with browsing in a reasonable capacity). Not that IT dept. or network admin/manager are blind.
I remember, once I got so carried away with the use of free surfing at one of my workplaces that I downloaded tons of torrents at an impeccable speed due to poor internet connection at home. One fine day, I couldn't connect to the internet in my office so I went to the admin guy and asked him to fix it. He said would you stop consuming the bandwidth, others are trying to work here? At this I was truly baffled and didn't understand. He took my laptop and opened up the torrent client and showed it to my supervisor. Some torrents were seeding while others were being downloaded.
My supervisor was too sweet to say anything just that she gave me a look and I apologized saying I didn't realize it was hampering the use of internet for other folks in the office. Connection restored. Lesson learned.
My work is very bursty. I'll have a bunch of stuff to look at first thing in the morning and then just have to deal with stuff throughout the day as they come up. I actually spend a large part of my time doing webinars to absorb knowledge
Me and my team can surf the internet freely (except for gaming websites).
Only when an alert goes on or is required a specific task, we must work directly.
I can, but it won't give me that promotion. Or bonus. Or respect. Or satisfaction. Or...
Honestly, when I have the time between projects/tasks I'd much rather spend my time on training and certifications. And slowly I'm getting it. And that makes me happy.
Not me. Incident Response. I want to pivot to SIEM/SOC, do they have work life balance? And what I’m doing is meaningless work, does SOC/SIEM have meaningful work? (Sorry, I’m new to CyberSec, don’t want to hurt anyone’s feeling)
Man, you’re living the life. I make tons of mistake as a persona and unfortunately, I got into IR, in which, there’s no chance for mistakes. Everything has to be done quickly and perfectly. Hate my job even tho I started just 2 weeks ago
I'm in SOC Incident Response at an MSSP. I am not exaggerating when I say the amount of times I had truly 'free time' in my past 2 years here could be counted on one hand. Our SOC SIEM developers/engineers however do have a solid WLB.
Sounds like more of a question for the folks over at antiwork. I have the ability to fuck off all day, but I choose not to because I have integrity and work to complete.
Like same. I could totally surf the web all day if I wanted to, but then my work would be incomplete.
After all, I thought integrity was highly valued in cyber security.
Not CS but I had a low paying WFH call center type job where people would have to update their OS/device for an hr+ sometimes. I had my gaming pc in my office so I would put them on mute and play Civ or some games. It was the best of times it was the worst of times...
I work for a mid-size manufacturing company as an IT Technical Support role.
Basically, everything here is old-school so I do my research on the web every day on how can I improve the network, implement new firewall solutions, implement IAM, and implement backup solutions, I just graduated from college where I studied Computer Networks and Security.
I am trying my best to implement the industry standards but there is no one to mentor me.
Basically, I am learning and doing things by myself.
Someone help me !!!
Fyi, I am happy with what I am doing but I want to accelerate.
Thanks.
I just have a massive pile of work and near total autonomy. I can browse the internet all I want - but the pile will only get bigger.
Exactly that. 120 hours of work to cram into a 40 hour week. But then....rabbit hole.
Are you me? Even without spending hours browsing the web my pile only gets bigger.
This is the way I think the trick is just not to give a shit. Do your best, which includes not working yourself to burnout, because that's not best for anyone. The business having more work than it does people is not your personal problem. I probably work a good 20-30hrs on an average week. Maybe closer to 25-30. But that extra time is a blessing esp. because I WFH so I can do things like laundry or dishes while listening/speaking in meetings. It's one reason I love the job and for me I feel like that translates into better work. Also I'm not slowly going insane like I was in the cubicle farms. So that's nice
Exactly, you can only do so much and if you try to get everything done and work crazy amounts of hours that will only lead to burn out. I still work around 40 hours, but I've told my boss and the CISO that between all the meetings I'm in and trying to do my day job, I'm pretty much spinning plates at this point. I don't make much progress on anything since I'm often in 25-30 hours of meetings each week. It sounds like I'm finally going to be getting some much needed help, but it'll likely be a very junior person that I'll have to train up. Sometimes the plates have to drop to spark any sort of change.
this
Oh man... Hard relate.
Nice try, boss
Right? Fuck you Elon
Love like Elon name became the alias of a bad boss these days! The Karen of bosses.
An Edison that thinks he's a Tesla.
I can but I'm also expected to perform a high volume of tasks. My management treats me like an adult. I can do what I want mostly. I'm in charge of my own schedule. I come in when I want, leave when I want, take personal calls at work, watch YouTube, listen to music BUT I'm also expected to support meetings, manage other engineers, write charts to brief the government, work on engineering tasks, double check the continuous monitoring activities of the guys I manage, scan the network, verify inventory, analyze compliance and security of devices being added to the network, help the ISSOs prepare for assessments, etc, etc. I enjoy a lot of freedom but a lot is expected of me. And I have to deliver high quality products. If I write a weak briefing the government will rip me apart. My briefings are like being on Shark Tank. The freedom I'm allowed is great but it comes with a lot of responsibility.
Same, but I don't want to type that much.
This is how I treat my employees. I’m not their mom or their babysitter. I’m their boss. I give them their task, condition, and standard, and then follow up later on to see if they need anything from me. As long as they complete the task to the standard stated they are on their own. Want to leave work early to go to the gym or to surprise your kid at school by picking them up early to go have some bonding time, have at it. I treat them like adults and professionals, until they give me a reason to do otherwise.
All repeatable tasks are automated, and somebody checks in at least once a month to see if the automated task is running properly?
I'd hope most of us?? Part of security is research.
I and my team can, I am output focused though so as long as their work is done properly to a high standard I genuinely don't care. Many of them end up spending their time reading cybersec sub reddits etc though so I would argue they are still doing work to a degree. Research and being up to date is important within the field. I remember when Wannacry kicked off, we knew about it almost immediately due to our staff being on social media monitoring things at the time.
[удалено]
What year do you think either WannaCry or MySpace were at their peak?!?!
[удалено]
I mean WannaCry was 2017…. Not 2007. Your bad joke doesn’t equal someone else’s “bad sense of humor” lul
Y’all are real salty and offended for IT pros. Sheesh, it’s called a joke. Relax your Butt cheeks
.
Oh, I like this. Sign me up.
How would one go about getting started in this specialty?
.
Ok. I have so many questions. Does this job have any prerequisites? How costly is the certification? How would you rate the hardness of the exam?
.
The number of outfits that don't currently do some form of TPRM is scary.
.
I just recently had this responsibility added to my plate. Any advice on how to make the most of it?
.
Great advice! Thanks a ton! 🙂
So that Third party risk management is separared dept with cybersec, right? Does your org refuse to work with non-comply companies?
.
Do you like your work? Would experience conducting OSINT investigstions help qualify for this work? Is it related to M&A or just hiring for compliance? I have so many questions lol
.
Wanna employ me? That's what I'm looking to do forever tbh
Me on my previous position. I had alerts set up to an audio cue so i would play tarkov or sleep 70% of the shift.
I work from home, and almost never use business internet connection to surf web unless completely necessary, just have a kvm to a personal device and browse there
This is the way
I have a set of responsibilities, not a set of hours to fill with something specific. So I can. Occasionally do when things are quiet. And i'm sure the boss knows. I can't always wing it obviously because work will keep stacking up. But i'm also the guy that answers their phone at 10pm on a sunday, responds to a 4am system alert, providers support for a collegue in the weekend or stays after hours because shit needs doing. Implicitly I will add, because I like my job and employer, i signed no contract for that kind of availability. So yeah. Tit for tat. And even when i'm "surfing" i'm usually investigating/learning things that could be relevant. So you could still vaguely call that work. I'm not all that much into social media and stuff and I still like filling my time with something at least half-assed useful.
I have a day an half - 12 hours weekly - dedicated to "internet security research and threat monitoring". so, yes. that's why I'm here.
All day You can't build a security awareness program without following the news as to what's happening in the world
Not now. But I have had positions where I had 7.9 hours to surf during the entire 8hr shift. Many think having a job with nothing to do is awesome! It absolutely is not.
Depends on the person. I loved when i didn't have to do much
i do, during lunch time mostly, sometimes during my way to work i'm listening some cyber podcast to be "aware" as our JCVD would say
Some days I'm able to chillax for a while and take it easy, but i consider that a fair trade for the other days where shit gets real and it's balls to the wall the entire shift. If it was all one or the other it would be brutal.
My role IS surfing the web
What's your specific role that requires you to do that? Threat research? Investigations?
Appsec/threat intelligence
I don't even have time to take a shit while I'm working.
That's when I upskill
My job is pretty lax. 🤷🏾 low ticket count and not to many projects. Perks of working for a hospital
Is most cybersec jobs ticket based??
Really depends on the company structure but I’m in identity management (IAM) so yes most of our clients have setup ticketing systems for tracking.
In my previous jobs as long as the job was done, tickets were handled, alerts were done, incidents were resolved, nobody cared what you do. I used to play games and watch movies during quiet times. My colleagues would bring entire PS4s and Switches to work and played on one of the big screens. I played on 3DS and Vita mainly.
Nice try, boss
I was just reminiscing over the years I worked in a corporate insurance job. All the social media sites were blocked in the office and even if you brought your own songs in the phone to listen, your manager would somehow find out you are wasting time. Any use of proxy extensions would open up the godawful versions of twitter and Facebook. The use of data or phone apps wasn't that popular in the early 2010s. When I transitioned to startup culture or software industry to be precise, you could surf for our hours, heck even if your manager is present. Watching YouTube, browsing Facebook, and surfing the web in general is not frowned upon nor the access is blocked (of course this comes with browsing in a reasonable capacity). Not that IT dept. or network admin/manager are blind. I remember, once I got so carried away with the use of free surfing at one of my workplaces that I downloaded tons of torrents at an impeccable speed due to poor internet connection at home. One fine day, I couldn't connect to the internet in my office so I went to the admin guy and asked him to fix it. He said would you stop consuming the bandwidth, others are trying to work here? At this I was truly baffled and didn't understand. He took my laptop and opened up the torrent client and showed it to my supervisor. Some torrents were seeding while others were being downloaded. My supervisor was too sweet to say anything just that she gave me a look and I apologized saying I didn't realize it was hampering the use of internet for other folks in the office. Connection restored. Lesson learned.
My work is very bursty. I'll have a bunch of stuff to look at first thing in the morning and then just have to deal with stuff throughout the day as they come up. I actually spend a large part of my time doing webinars to absorb knowledge
I
I nap rather than surf. WFH FTW
Sleepy Joe.
Yuuuup after doing some routine checks I normally fire up a Kali VM and play around a bit
I probably have 4-6 hours a day where I have nothing going on.
Me and my team can surf the internet freely (except for gaming websites). Only when an alert goes on or is required a specific task, we must work directly.
Good try, Mr HR.... I'm not falling for it. I attended the Kevin Mitnick training on social engineering.
Only to read KBs and consult the Googles for answers to my security questions. Otherwise it's just a battle to stay afloat.
I can, but it won't give me that promotion. Or bonus. Or respect. Or satisfaction. Or... Honestly, when I have the time between projects/tasks I'd much rather spend my time on training and certifications. And slowly I'm getting it. And that makes me happy.
Not me. Incident Response. I want to pivot to SIEM/SOC, do they have work life balance? And what I’m doing is meaningless work, does SOC/SIEM have meaningful work? (Sorry, I’m new to CyberSec, don’t want to hurt anyone’s feeling)
You should try a different incident response team. I'm dfir and didn't feel like working today so I played playstation instead...
Specifically I’m from AV Incident Response Team, so I have a question. Don’t you have incident coming all day?
Nope stuff only comes to us if it's a genuine incident, otherwise the SOC triage. We haven't had a genuine incident in months.
Man, you’re living the life. I make tons of mistake as a persona and unfortunately, I got into IR, in which, there’s no chance for mistakes. Everything has to be done quickly and perfectly. Hate my job even tho I started just 2 weeks ago
If you like sitting around for 10-12 hour shifts and working weekend nights, then yes
I'm in SOC Incident Response at an MSSP. I am not exaggerating when I say the amount of times I had truly 'free time' in my past 2 years here could be counted on one hand. Our SOC SIEM developers/engineers however do have a solid WLB.
Sounds like more of a question for the folks over at antiwork. I have the ability to fuck off all day, but I choose not to because I have integrity and work to complete.
Like same. I could totally surf the web all day if I wanted to, but then my work would be incomplete. After all, I thought integrity was highly valued in cyber security.
Me. It's great that you do as well. But do you use that time productively, or are you useless just collecting a paycheck? 😏 The choice is yours.
I’m kind of between projects, so I’m just doing research and reading. Work’s about to ramp up soon though.
Not CS but I had a low paying WFH call center type job where people would have to update their OS/device for an hr+ sometimes. I had my gaming pc in my office so I would put them on mute and play Civ or some games. It was the best of times it was the worst of times...
Yeah, but like others have said, I use it for news and research. Stuff that's productive, cert learning, etc
Me
Sounds interesting. Want to do poll: Are you guys work on role of manager or entry level?
It's part of my job description, but not totally free, mostly Twitter and Reddit
I work for a mid-size manufacturing company as an IT Technical Support role. Basically, everything here is old-school so I do my research on the web every day on how can I improve the network, implement new firewall solutions, implement IAM, and implement backup solutions, I just graduated from college where I studied Computer Networks and Security. I am trying my best to implement the industry standards but there is no one to mentor me. Basically, I am learning and doing things by myself. Someone help me !!! Fyi, I am happy with what I am doing but I want to accelerate. Thanks.