Lesley Carhart Jun 16, 2024

Two controversial pieces of cybersecurity career advice I give to a lot of people I talk to on mentorship calls:

1) Don't become a manager unless you genuinely want to be a servant leader and devote yourself to people and program management for the joy and fulfillment of it.

2) Don't become a red teamer unless you genuinely in your heart of hearts want to be a red teamer, you understand what the role entails (even the boring parts), and you are willing to very deeply commit extra time and effort. They're generally much more competitive roles.

Show threadGraham Sutherland / PolynomialJun 16, 2024
@hacks4pancakes second one applies to general pentesting too. you are going to spend around 70-80% of your working hours on short (1-3 days) engagements for very uninteresting cookie-cutter webapps, build reviews, VAs, etc., writing reports for those tests, writing scopes for those tests, and on calls with clients and account managers to discuss the tests and the reports. it's the core loop of the job.
Show threadGraham Sutherland / Polynomial
@hacks4pancakes there are cool specialised roles out there for senior positions, but you generally have to do your 5+ years in the trenches first, and it's *really* not worth it if that initial job loop isn't at least somewhat enjoyable to you.
Jun 16, 2024 at 6:43pmWeb