Marcus Hutchins’ Post

Cybersecurity Speaker

What I'm learning from my last few posts is there are a lot of people out there who really have no idea how vast cybersecurity actually is.

"How can someone work in cybersecurity if they don't understand how to configure a switch"

"I wouldn't trust a cybersecurity professional who doesn't know how to add a computer to a domain"

Just a few of the comments I received.

What if I told you I've never in my life touched a corporate network? Nor do I ever want to. I don't know how to set up Active Directory, nor can I tell you how to configure a switch.

What I can tell you is exactly what threat actors are doing, what systems/applications/protocols they're targeting, which exploits or techniques they're using, how their implants work, and what commands they'll likely run on your endpoints when they gain access.

I've spent decades monitoring all kinds of threat actors from criminals to APTs. I don't need to understand your specific technology stack, because it's not my job to secure it. My role is giving high quality actionable intelligence to the people who do understand enterprise IT, so they can make informed decisions on when, where, and how to deploy security measures.

I've also detected and prevented over a thousand ransomware attacks without ever having set foot on a company endpoint (and I'm counting WannaCry as only 1 of those 1000). In many cases, those companies had blue teams full of people who understand the organization's tech stack like the back of their hand. What I offered was a different perspective. I was on the outside looking in, just as the threat actors were.

This is only a single example of the many areas of cybersecurity that aren't "doing stuff on corporate networks". There's also plenty of completely non-technical roles out there too, we just rarely hear about those because they're not considered "cool".

Telling people they need to take a specific path and have specific skills to do cybersecurity isn't just wrong, it's actually harmful.

Here's a nice map from Henry Jiang that gives a small window into how vast cybersecurity is.

Anthony S. Clark

Reverse Engineer, CEO, CTO, Offensive Cyber, Principal Investigator, Research Scientist

2w

An important part of cyber security is human interaction. Helpdesk is one place (though not the only one) where you can learn some relevant skills such as:

- Conflict de-escalation and resolution.
- Empathetic listening.
- Finding compromises that work for both parties.
- Hearing and speaking to differing levels of technical understanding.
- Listening to concerns, but using empirical evidence to solve technical problems and disputes.

There are more but that's a good starting summary. Not everyone takes these skills away from a helpdesk position, but most that I have worked with do. Based on your posts and responses you likely would have benefited from help desk work in ways you haven't considered.

Shubham K.

Building the World’s First Cyber Artificial General Intelligence

2w

Shift left is not a domain, it’s a buzzword like zero trust or SOC2. 97% (except SOC, Pentest, IR) of these domains don’t mean anything if cybersecurity is still considered as a cost center and not a revenue generator to 100% of clients. We can fix that by displacing cyber pros in software engineering field and give up their current position to AI automation and ship secure by design products to customers to reduce cyber attacks.

Artem Baranov

📌 Talks about cybersecurity, AI and Windows Internals

2w

"I've spent decades monitoring all kinds of threat actors from criminals to APTs", doesn't this phrase sound ambiguous?

Joel Havermans

MXDR Senior Sales Executive @Ontinue | Nonstop SecOps | Ex-Microsoft

2w

Adding Generative AI to this…

Daniel Gutson

Chief Architect and Core Detection Lead of Eclypsium Inc.

2w

Link to the source of the image pls? I'd like to suggest adding reverse engineering and malware analysis.

Joshua Gentry

Innovator | Critical Thinker | Technical Analyst | ADHD | Dyslexia

2w

So you only do stuff that an AI agent can do... If you can't actively provide anything besides knowledge and aren't actionable, you're a dime a dozen, will be and are already being replaced.

Harold Mansfield

Multi-disciplined IT Pro | CSAP (CySA+, Sec+), ITILv4, ACSP | haroldmansfield.com/resume

2w

I'm reminded of a job interview a few years back to join a team upgrading a hospital group to Windows 10. The interviewer quizzed me on things like imaging computers (and imaging software), active directory, how to take a proper backup, troubleshoot POST and on and on and on. They REALLY wanted you to have a Sec+ which at the time I didn't, but I still got the job. We never touched ANY of the sh*t they grilled us on in the interview. Not one thing. I never imaged one computer. It was straight up hardware replacement, setting up workstations and classrooms. So...since they didn't hire people or ask the interview questions relevant to the actual job, we had people (and supervisors) on the team who didn't know their cables, knew nothing about WiFi and troubleshooting connection issues, one guy had never connected an Ethernet cable, never set up ANY peripherals, never worked in a business around adults, didn't know how to speak to medical staff (or people for that matter), knew NO HIPAA rules, people were daisy chaining surge protectors...and on and on and on. In their minds, they had a hard time finding qualified people. In my mind they had no idea how to hire people or what the actual job was.

Sean Hall

CISSP | OSCP | OSWP | GREM | GPEN | GMOB

2w

In my estimation this is the line between old guard and new. For those who have been in the field before security became a discipline all its own, it was expected that you had experience in a lot of different areas. There was no Google, only manuals, so solutions were dependent upon familiarity, to a degree. Things have changed and it's no longer as important to know a bit of everything. I see both sides, neither being right nor wrong; as per usual, it depends on the job and skill level required. Having configured switches, I can more effectively spot problems or understand the source of a breach. That said I don't use that information much these days.

Colleen Mulrooney

Technology Leader / Bibliophile /Cybersecurity geek

2w

Threat Actors don't have help desk or sys admin experience ... they just know what they need to know to attack. Some cybersec professionals need to think and act like an attacker not a defender.
