I am really glad that I took the cyber security 101 course in college and the professor beat the idea of it being interesting or exciting right out of me. Steered me clear of a less engaging path (for me at least).
Most corporate security is about compliance, audits, regulation and balancing the need for security with the needs of the (often stupid) users. Very little of it is actually tech. There is pentesting and malware analysis for the actual "tech" stuff but it is quite a small market to be honest.
I get that impression too. I do some cybersecurity type stuff as a hobby and was hoping to make a business out of it somehow but it doesn't seem to be an easy market to crack.
> somehow but it doesn't seem to be an easy market to crack
There are 2600 companies in the space and they almost all do one small thing (and lots of them don't do it terribly well).
It turns out what every company wants is more of a comprehensive turnkey solution than exists, or at least a highly modular framework that can accept modules from other vendors. Companies generally don't understand that security is an attribute of everything, it isn't an end product. Hence executives would rather pay for a blinky box than remember to incorporate security planning into every other expense. Also most companies aren't willing to pay much to a cybersecurity vendor because cybersecurity is largely seen as a cost center and not a profit center (because that's accurate most of the time).
I got into bug bounties for a little while, but the work is tough. Selecting a program which pays out enough and doesn't have all of the low-hanging fruit picked is difficult. It's the kind of work where very well organized bounty hunters will take the lion's share of the winnings, which doesn't lend itself well to developers who can make a healthy salary elsewhere.
What’s military cyber security like and how does it compare with consumer or enterprise security? I’d wager the appeal of cyber security is mostly in the domain of military. Think Stuxnet or NSA.
Nah, having been on active duty being involved in cyber warfare and later joining the corporate world, the latter is so much more advanced and interesting, with generally a lot better people.
My impression as well. I was thinking of getting a career shift into pentesting (rumor has it that it's remote-friendly as well) but after a few job searches I came to see that the job market is tiny.
In many cases you set up something like AlienVault or Cygilant and then it never gets looked at again... huge waste of time and $ in the name of compliance.