Two controversial pieces of cybersecurity career advice I give to a lot of people I talk to on mentorship calls:

1) Don't become a manager unless you genuinely want to be a servant leader and devote yourself to people and program management for the joy and fulfillment of it.

2) Don't become a red teamer unless you genuinely in your heart of hearts want to be a red teamer, you understand what the role entails (even the boring parts), and you are willing to very deeply commit extra time and effort. They're generally much more competitive roles.

@hacks4pancakes The second is a big one. My work bought everyone on incident response OSCP. I’ve done red teaming before. It’s not my jam. I don’t enjoy it. I think a lot of my coworkers found out it wasn’t for them too haha. A lot of them enjoyed learning some of the how, but they all got frustrated at how much extra is involved in the trade.

@deedasmi I would NEVER dissuade someone who has done the homework and knows it is what they love. It's a matter of having a killer training background and resume, then.

@hacks4pancakes absolutely! I handed my seat off to a contractor that didn’t get the benefit. I joined most of the study groups and helped where I could blind. It’s also amazing for a blue teamer to see how a red team works and how TTPs develop. People just see how many zero days and hacks are happening in the media and they make assumptions of what the work is like. It’s not glamorous until it is for a brief moment. Then it’s back to hard, detailed work.