To all those system and network administrators out there who are thinking of jumping onto the infosec bandwagon, pentesting style, because of the glamour quotient…
While offense is glamorous, defense is better. Here's why.
While cyber security has a lot of career options (SANS has their Top 20 coolest jobs), most can be put into one of two baskets:
- Offense: break it (penetration testers, red teamers, vulnerability researchers, people who identify 0-days, bug bounty hunters; they all fall into this bracket). Job #s 2, 16, 17, and 18 in the SANS Top 20 coolest cyber security careers belong in this bucket.
- Defense: defend it (digital forensics, threat hunting, SOC analyst, malware analyst, etc.). All the other jobs (except the ones mentioned in the previous point) belong to the defender’s bucket.
While it is NOT possible to focus on one area without touching upon the other (e.g., becoming a world-class threat hunter is difficult without understanding how an adversary compromises a system/network), it is still possible to eke out a comfortable living in either bucket so long as you know the answer to the question: why cyber security?
Your experience in network and system administration will be extremely valuable in the ‘Defense’ track.
Blue team training platforms (LetsDefend and BTL, for example) run courses and accompanying certifications that should give you a glimpse into some of the defensive tactics and what a typical defender’s day looks like. I am hopeful that you will be able to connect various activities to some of those that you did in your previous career. I have written about a pentester’s day that you can look into as well, if you like offense. If you end up liking defense, doing a course on one of the above platforms will give you better chances in interviews.
You won't be treated as a fresher in 'defense' roles because a lot of activities in defense require the skill sets that you already have (as an administrator): intimate familiarity with the IT systems and experience running them as administrators.
[originally published by me as a response to a question on Quora - https://www.quora.com/Should-I-get-a-CEH-or-Cysa-to-get-into-cyber-security-For-background-information-I-have-been-a-network-engineer-sysadmin-for-about-5-years-and-currently-hold-a-network-and-security-I-am-also-about-to-graduate-with-a/answer/MS-Sripati]