the reality vs. expectation in cybersecurity.

The I.T as a whole industry is effected by burn out because of the constant up keep in skillsets and technology changes. Doesn't mater if you are a Software Engineers, DevOps Engineers, Sysadmin, Network Engineer... This is expected in this kind of field.

Decided to go back to school for cyber security thinking i would land an entry level job. I passed all of my classes with A's but couldn't get an interview. Was never told to try and get a job in the field while in school. I ended up getting a job in supply chain logistics and killing it because of my experience in SQL. I don't regret going learning and it kind of helped me get into what I'm doing now.

Thanks for being honest with the people. There are a ton of people out there selling something giving people the idea that they can easily get into security. I have 25 years of experience in the industry and it pains me to see some of the ways beginners are being misled.

Grant has done a great job of giving a fat reality check in the field of Cyber. This is a complicated field, only for those truly passionate and dedicated enough to fulfill the missing skill/talent/experience that's needed.

It isn't really about skill or degree it about who you know" facts right there another tech youtuber had said the same connections do matter in this industry.

It is a very interesting industry and the advice I'd give to newcomers would be:
1. Make sure you are having fun (it's a fun job after all)
2. Stay hungry
3. Be curious about everything
4. Work on your work life balance and stress management
5. Knowing when and how to take a break
6. Find friends, colleagues who are passionate about this field. Work on things together, discuss the topic together. You'll grow together
Good luck

I'm learning Linux with the expectation of getting into cybersecurity, and your videos have given me so much. I appreciate that you make these honest takes and share them for free for all of us curious souls

This is correct , the daily work is mostly of triaging the incidents, closing the tickets on soar , reviewing dashboards, giving shift handovers. The burnout is real when you are the only one to tackle the red team incidents , learning new skill sets but I believe this is what we do as in Cybersecurity. We are on a thrill of not getting the company compromised. Learning new ways to defend and harden the security posture.
Huge Respect to our community and I am proud to be in it.

Let me start by thanking you for putting together a video such as this stating the nature of such things. I completely agree with you when you stated that if you are not learning something new every day, you feel as if you are going to get left behind or you feel inadequate. That is something that I feel as well when I wake up every day and I go to work. Its a personal struggle for sure for many people not just those in Tech. The Cybersecurity world has a lot of glamour to it and a bit of a romantic side even but the true nature is that it has a lot of information and a lot of constant work need in order to stay one, two, all the steps ahead of an attacker. Thank you for creating this and sharing this with the the ones who truly need to hear/watch it.

I love your honesty you come across as a genuine person. I love that.

I’ve just started working in cyber a few months now, and I can already agree with the points that you bring up in this video, but I wouldn’t want it any other way. Great video Grant!

I'm a Cyber Threat Analyst for a MSSP and I thoroughly enjoy it. Surprisingly, it's not the actual job that I enjoy the most it's the environment that I work in. I've been able to reach out to cross team members and have them train me on certain things and be apart of different projects to upskill. Looking at logs all day has gotten pretty mundane and I'm searching for more of a challenge.

Cyber is definitely a constantly changing field

Thank you for the honesty!❤️🙏🏼

I'm in industry for over two years as Incident Responder and I agree with most things you mentioned. Getting into this field and maintaining high level of engagement requires dedication. Navigating through different expectations (self included) is challenging and can lead to burnout periods without focus on sustainability. All my cyber people, be brave, choose conscious and be kind to yourself !

Love the honesty, thank You !

I love how real you were in this video. It is needed because a lot of people are selling how easy it is to get into this industry. It requires dedication. I also love how you talked about burn out. It is so true. Thank you for being real.

I love this video because you were being real. Much respect

Great job setting the record straight, Grant

Maan, you are spot on what I am feeling. This is reality. I have been working as a non-experienced cybersecurity analyst and all 3 point are exactly what I have been realizing, it is a lovely career but you can not stop learning, there is just so much to learn.

the alert fatigue really hit home. as i just started gettin into IT and i have other interests that require alot of studying. my time management has gotten more tight, i personally have to work intervals throughout the day and then take a walk or stretch and eat or something. as well as planning time to take a step back from everything (perhaps a vacation) when u can. i do look at the internet/techonolgy as the digital universe and just like our universe, theres so much to cover, adapt to and take in.

I agree with all the points you just mentioned. I am a fresh graduate with CS background and am jumping into cybersecurity.

the reality is that breaking into any major industry is tough. most people are sold on this idea that just getting a degree alone or some certs means you get the job and it's all sunshine and rainbows. it's a lot of work but nothing that should turn you away if you have a passion for this side of the teach industry.

Thank you for this honest clip

Getting my associates degree next semester and I’ve come to realize that there is still tons of information that I have yet to learn. I’ve also had no luck finding a internship or job in any IT related role. Although this sort of makes me want to just give up I’m going to keep on learning new material and implementing it any chance I get. Your videos are very influential and realistic compared to other channels big s/o to you for keeping it real!!

Great content man keep it up

Great video. For me as a person who is working at non-skilled job and learning some python programming for data science and data analysis at online university courses. I already know a lot about the tough realty that I live in. Companies are hiring people with recent experience.

automatic follow after this video. I am currently half way through my degree and this is the most important thing I have consumed. I appreciate the content

Thank you so much for this video! Keep them coming brotha, I love the realistic take.

Great video Grant. Made it very easy to hit the subscribe button.

This applies to many IT positions, or even many skilled, non sales positions. Definitely how hard it is to break in, but also the hurdles to accomplish anything as a junior associate.

You are doing good work with these vids bringing out the reality of things. I think the industry is getting a reality check for years of unrealistic expectations over the years. You definitely have to have a passion for it too - burnout is so real lol so thanks for bringing that up

Thank you for sharing the information and the experience you went through

You post and I drop everything almost immediately to hear what you have to say. lol. Going into year 3 myself and I feel burnout often. I do security, privacy, AND compliance on my team and they all take different approaches. I have to know some of everything from securing infrastructure to knowing different laws and even project management and auditing. I run off the clock at 5 and don’t look back.

Hey Grant! Great video, also loved your last one on IABs. Been subscribed for a while now, we were on similar paths when I found your channel as I went back to college from 2018-2021 and got an IT and Cybersecurity degree. Ended up in a do-it-all type of IT position in local government. This is random af but would you want to start a podcast? I think it would be cool for us to be able to talk about our real world experiences as early career IT professionals that could really help a lot of people exploring or getting into the industry. Could also talk about hot topics in IT and I think we would mesh well together. Either way, keep up the great work man and I continue to follow your journey!

Intellectual curiosity and self motivated lifelong learning are both things that really help as well..

I just landed an analyst position with a market leader and I think it was more timing than anything that landed me the role. There's literally hundreds of jobs advertised, but they all require years of experience, so as a student without professional experience you are going to be fighting to get your foot on the ladder. That being said, it's not impossible, just keep working towards it and take any IT job to get your experience started.

Love that quote "more of a talent and experience gap".
Interesting you are seeing the politics side of cybersecurity after year 2. Its 100% a company culture issue. Not every company is all in with their cybersecurity program. The most valuable skill you can grow (over any technical skill) is to learn how to "sell" the needs of the Cybersecurity program BEFORE a breach.

Still in my first year as a cyber security analyst and it's been non stop learning. Previously, a L2 support for 4 years, but this one year alone has shown me how little I really know. That said, it's a rewarding role since you're constantly learning day in, day out.

Thanks for sharing, I'm about to start my first job in the industry after a long period of studying and working hard to get into it. Excited to be on the journey

The defense in depth buzz word is important, it's a really sound strategy for hardening.

Decided to change careers late in life …15 years of loss prevention/investigations and now studying for my A+ and Security+. Learning a whole new skill set and looking to break into an entry level IT job. Thanks for an honest video. Lots of these boot camps just make it seem like you’ll have a job lined up after completing it and that probably isn’t the truth always.

humble and honest.

Currently in my last semester of undergrad studying cybersecurity and I'm realizing that I really should've taken the time through my studies to maintain my technical skills. I've got Sec+ and currently "backtracking" to Net+ to get a decent refresher on networking. I'd say my biggest regret was not trying to get experience while in school but I'm optimistic about the getting into the field end goal rn is pivoting into cloud security.

I started my first job in cybersecurity a little over a year ago, after about 3 1/2 years in support and I have to admit that I got a little burned out after about 6 months. Mainly, I think I went a little "too hard" my first several months and was literally doing nothing but "cybsersecurity related" activities (finishing school, HTB, reading, podcasts, other things). I definitely found that you need a balance like any other job and it's okay to not further your knowledge every second you're not working. After I found a balance, I've definitely been more at ease and enjoy the space more.

#3 is common for IT in general. At one of my job, alot of people were new to IT (1-3 years) and I can tell they were suffering from burnout. Once you hit the 5 year mark in IT you are a lifer and that's really when you can get the high paying jobs

thank you for saying that all!

wow so relatable mate! Sometimes I think to switch careers to become a developer.

I hear the Cybersecurity domain map helps a lot when it comes to finding a way in based the path you want to take

Thanks for another great vid

Thank you, Grant.

Completely agree with your comments about an organization's culture and people impacting how security happens at a company, and wanted to add that I think there's a gap between "skills that people think are needed" and "skills that are needed." My first role in security came after 14 years of working in other industries and slowly floating in the security direction. My current role is 80% non-technical and I feel an enormous pressure to upskill and am doing so, but also find that I'm able to make big impacts by more general business/communication skills, like running productive meetings, following up on emails that I haven't gotten a response to, and remembering that last time I talked to X person, their pet was at the vet, so asking about that.
I, too, am coming up on over two years in my first security role and am trying to build longevity in the industry. Figuring out what to learn and do next is tough - there's SO much! Thank you for posting and sharing your thoughts. Good luck to you!

My experience from working on and off in it support for 3 years is that i got burned out from it. It sucks to lose your passion for something. A part of me wants to stay in it, but another part of me wants to do something else. It's frustrating being stuck like this.

To help with overload/learning is to do it at work if possible and once you're off....DONT THINK ABOUT IT. Sure I'll read an article here and there but being able to close my laptop and go on with my day/life is great and needed to be fresh.

Been trying to break into it for 2 years now. Stuck on Hell Desk, which is also repetitive.
I have no illusions about the grass being greener on the other side, but getting a company to take a chance on you so you can at least earn experience in the field to put on a resume is daunting.
Not much else can be done about the situation other than continuing to upskill outside of work.
Great video btw.

Sometimes i feel the hardest part of the security side of IT is not, knowing what the attacks are, how to defend against them, or even how to perform them. The hardest part is just convincing the companies and their users to go along with solutions and pay for them when necessary. You have to be more of a salesman than an IT professional. Especially because if there is a major security incident, even if you offered a solution that was rejected that would have prevented it, you're still going to be blamed for it.

I agree with your take on it. Realistic expectations are important.
I've had several people ask me how to get into the space from unrelated careers and I'm self taught on everything with over a decade of professional IT experience alone and 25+ years as a passionate hobbyist tech nerd, so I have no idea how to even answer that, other than to tell them to focus on building their skill set - it's all employers care about, including me when I'm scouting for new team members.
To understand security, you have to first understand how everything works before you can understand how to secure it - it's the first thing everyone should learn but the last thing to be capable of fully understanding. It's not something anyone can easily just jump into - you level up your skills over time and expect to start small, especially if you're not technically inclined and have no experience - no one's gonna pay you 80k a year if you've been working at Kohl's the past decade unless you can show you have the skills to be worth that much.
Can you do the job or not? - is all that matters to employers.
But once you have the skills and are armed with knowledge, you can go anywhere, certs or no certs, and just be like "K. Ask me shit doe." Answer their questions and they're gonna want you like the hot girl at the dance

I agree with everything you said Especially the skills gap. They key is if your company is not huge with lots f different types of cyber professinoals you have to real continue to learn and study outside of your job laerning new things. If you dont do that you will stagnate and have a hard time moving up. Interviewing alot of candidates for mid to senior positions alot are too tool oriented without fully understanding the fundamentals of logs, what a compromised device would potentially look (lateral movement, exfiltration, kerberos attacks, etc..) If you have a solid understand of those things without using qradar or crowdstrike I think quite a few hiring managers would take anyone for junior- mid positions.

I am just getting into it and so far I love it. Sometimes it can get overwhelming but I've always loved to learn new things and be that guy that Is always finding a program or a better way to be efficient. I get board i love solve problems. I also quit and all my cards are on the table. I'm hoping once I gain a little bit more experience I hope I can find an entry level job. 😅

Not exclusively in cyber security but the IT burn out is real. Been in it 8 years and I'm starting to wish I was cutting lawns for a living. At least I'd be outside lol.

I've been a firefighter for 7 years now and I wish I knew how much I would be struggling financially before I jumped into this career. Don't get me wrong, I love my job and no matter what I decide to do this will forever be the best job I'll ever have. Unfortunately, it doesn't pay well. I've been thinking about getting into cyber security and it stresses me out thinking I might not be able to land a job for a couple of years after I have all my certifications and entry level jobs such as front desk might not pay well either.

So true so right 😢 mutual feelings

Really appreciate your effort and do watch your videos thank you Mr)

Those cybersecurity carreer videos lead me to reevaluate and rethink some important stuff i need to come to terms with since my last burn out in the industry. I'm writing a journal about it, and i find your content inspirational. Thanks for the upload!

16 years in the industry, recent role security engineer, this is spot on :)

Thanks for your content it's very enjoyable! - Keep up the good work!

Bravo to you Gran

Love the take, but as someone who was born in a poor community trying to get into cybersecurity I can never be burn out of it just because the financial gain of it. Its my motivating factor for me to get more certs, more networking with people, going to tech conferences, learning something etc. Idk who can relate but thats my take on being burnt out.

As a cybersecurity student myself, I have been told to look for a job in the industry while still in school. I've been following this advice and looking for a job for a few months now. I am having an extremely difficult time. I don't have a degree, I don't have any certs, and I don't have any experience, so I get turned down for even "entry level" positions. It's rough out here.

I’m actually starting a bootcamp thing that’s like 3 months long. You get 5 certifications from it. Doing this while I just make a living from home anyways so i thought why not. There are several different ways you can pay for the training and I chose for it to be deducted from future salary until paid off. They only deduct when you are making a certain amount and you are only required to pay them back if they land you a job which is cool so I said why not. Worst case is I don’t land a job and learn a bunch of stuff for free. Best case I land a job and pay them back, and if they get me a good job I’ll pay them back fast. I mainly want to try it out because I like the field and the remote work.

Expectation: You'll be wearing a cape, cracking codes, and saving the world from cyber attacks with a single click of your mouse!
Reality: You'll be constantly updating software, running scans, and attending security meetings.

The only solution for burnout is to switch domain, let's say from SOC to detection or threat hunting, and vice versa. All points you made are 100% right.

Yeah that first point I definitely resonate with. Everyone always talks about how cybersec is a booming industry and for me, I'm trying to change careers into cybersec right now I've obtained a bunch of certifications and applied to 40+ job postings and pretty much getting ghosted in all my applications. Most employers don't want you unless you have job experience but the question is....how can people get experience if no one is hiring. Sad times

The silver lining about those entry-level jobs vs the higher paid positions is that once you finally break in, you begin to understand exactly how you can grow into those higher up positions. I'll be hitting that 1 year milestone this year and I feel like I'm basically in the same spot as you. On top of the alert fatigue, I've noticed that sometimes I'm the only one taking a critical approach to our processes. Which is good for me, but it kind of puts me in a lose-lose situation because if I identify a new issue, guess who gets assigned all the work to fix it? 🙃

I'm trying to get into cyber security, but I never had an experiences of basic of I.T since they never had one in the first place. So it's gonna be very hard for me to adapt to certain things since it 's not too friendly for beginners.

Great video! thank you for posting it. I wish I've seen it last April when I started to work on my sec+. I worked with DOD overseas. decided to change my career to cybersecurity. I was under the impression of having the sec+ with security clearance along with DOD analyst experience would be enough but it's not! the job market is crazy. I am competing against experienced people with a lot more to offer and it's almost impossible to find a cyber position that doesn't require more than 3-5 years of hands on experience! I am regretting it already. I just couldn't be away from family forever so I was hoping to settle having a M-F job in cybersecurity but I guess I was wrong! tired of applying and not hearing back or being ghosted out by interviewers....

Took me 2 years on the dot to land a job in Cybersecurity from scratch.
I agree that recruiters are looking for more than technical ability.
Also great point on the culture and awareness piece.
Your videos helped me a lot - thank you.

I have recently thought about how much psychology would be beneficial for cybersecurity such as criminal psychology and organizational psychology. At the same time I am about 9 months away from having my degree and will be starting my job hunt soon.

hey thanks. that was helpful.

So true, I have a bachelor's degree in computer network a cybersecurity certification and I definitely thought that I was going to get a job in the IT field easily. I've applied for so many jobs in the reality is without experience is much harder.

cybersecurity is a lifestyle. It's not for everyone. If you are not 100% serious with it: breath it, drink it, eat it; then it may be a little tedious for you.

There are not unfilled jobs in cybersecurity. Maybe there should be to protect our data but there is no money for it. Security is always considered optional and is the first thing to be cut.

A very honest video. The burnouts are real. The stress and churning out of new stuff every hour is tiresome.
Hey, but come to think of it, we soldiers in the cyber space, protecting the vulnerable. It's a price we pay for choosing the cybersec path.

Would you think it’s a better route to take Software Development vs Cybersecurity? Both of these fields are growing significantly with the latter increasing based on what I’ve researched. Though, to get your foot in the door requires projects to present to potential employers as your “hands on “ experience. The degree and or certificate can help, but need to showcase your ability to either code or know the intricacies of either of these two career paths.

Im a veteran with no cybersec experience in the military and went back to college for a cybersec degree. Its still disheartening putting in all these applications and getting rejected. Ive often thought of just reenlisting. I hated my life but at least I could afford some more consistent things...

With your resume it also helps to write your years of college as experience. Technically it is, as you've been working on all sorts of projects throughout college. A real job usually focuses on about 10% of that, with most of it dealing with the ticketing software and other software/processes, but sometimes, depending on how your resume is written, it can help out. I got an entry level IT job and whilst it's not the one I wanted, it's far better than a retail job.
I also feel that when it comes to organizing life and managing burnout, that the best thing to do is, for me, to set specific general goals. That is, for my training, they want me to get a certification. So I pick three days where I study heavily and 2 days where I study a little lightly. Makes it much easier to manage. But you have to stick to it.

I’ve been in it for a few years but always a student.

IT Support Tech, working on my Sec+ cert and wanting to move towards CyberSecurity career

Dude I’ve been recently experiencing every single thing you said about feeling like you’re not growing, falling behind and even imposture syndrome. I appreciate you mentioned this is something you have to deal with, but I was curious to know, how you deal with this on a day to day. I recently experienced heavy burn out on my consultant/pentest job by over working my self because of those reasons you mentioned, and I wanted to know what your approach to this is. I know it’s not a straightforward answer but even a small advice can go a long way as I know it’s a process.

Im a student who got an internship as a pen tester last summer and that made me realize the field was not for me, respect to those who continue in the field but I would rather just code

I am a student for i.t tech computers and I find it very interesting and just doing basics is pretty difficult

I feel like a lot of it has to do with who you know. Getting into cybersecurity without knowing anyone already in it, is a lot harder than if you have a reputable voucher.

i was hoping to get some tips on if i should go to college for cybersecurity or not? community college, or just getting certifications online? thanks!

finished a bootcamp certificate program and got net+ and sec+ certs. Now the hard part: to get that interview and hopefully job. 🤞

I am just getting into this field and trying to see what information is out there

Yall ever notice something like how we benefit from analytics in our lives like being able to see the most replayed portions of the video and skip the intro to where he skips the fluff but also say to yourself wow this is a lot of data they have on our behaviors wonder if thats actually a bad thing and wonder if anyone else had that same thought and look through the comments to see if someone made a comment about it but then think no one over thinks little things like that the way you do and just shove the thought to the back of your head?

Tbh, if you want to get into cyber the easy way just join the military. Serve a few years in a cyber MOS/rate( most of which provide a pretty comfortable living- you should focus predominately on the Air Force/Space Force), soak up all free training courses/certs that are available, get a TS/SCI with a polygraph, and actually walk out with a 6 figure job lined up for a defense contactor or even a government agency. I have done this myself and know a ton of people that have followed the same route. Its much easier than trying to break into cyber with as a civilian with zero experience.

I’m literally in the same position as you were in, I just finished my degree and have a few certs under my belt. Iv been applying for jobs online since I graduated 2 weeks ago. How would you recommend getting my foot into the door? Looking for internships/graduate programs?

I am a senior in cybersecurity degree I said I will give my self 1 year after I graduate before I just get a trade someone said they expect so much cause we have way more resources then people in the past

I'm a SWE with 6 YOE. I am looking to make the switch over to cyber security (have a road map of the certifications i want to get). Once I am ready would i still be applying to entry level positions or would my SWE experience let me apply to more mid level?