What Working in Cybersecurity is Really Like: A Day in the Life

There are a lot of reasons to pursue a career in cybersecurity. Across the board, cybersecurity roles offer competitive pay, growth opportunity, job security, exciting day-to-day tasks and the chance to make a difference. Cybersecurity careers don’t consist only of white hat hacking; there is a huge variety of avenues that fit different personality types.

To help you explore those options, we asked cybersecurity experts about their experiences, background, day-to-day schedule, advice and the pros and cons of their jobs. Some of the job roles we cover include Security Engineer, CISO, Security Analyst and less-traditional cybersecurity subsets like cyber law and sales.

Try out a free security training course to earn CPE credits and get an understanding of the different cybersecurity tasks that you could encounter on the job.

Top Skills the Professionals Recommend Having

The skills most mentioned by the cybersecurity professionals we interviewed include:

Soft Skills:

  • Active listening and clear verbal and written communication
  • Attention to detail
  • Humility and the curiosity to seek new skills and information
  • Creative and technical problem solving
  • Adaptability and a team mindset
  • Radiating calm when it feels like a storm

Hard Skills:

  • Explain technical topics in plain English
  • Computer science fundamentals
  • Pick up a subfield and become an expert in it
  • Know at least one programming or scripting language
  • Be familiar with the attack tools/techniques in the MITRE ATT&CK framework
  • Track complex engagements and manage multiple pieces of evidence
  • Information management and high-risk decision making

A Day in the Life of a Cybersecurity Professional

You’ll see that in the positions below, we’ve categorized and diversified the respondents, but it’s important to note that many security professionals wear various hats and transcend the job description of just one role. The national average salary, education and job growth have been pulled from the Bureau of Labor Statistics (BLS).

Note that the salaries listed are not entry-level, but the average pay for that position throughout the United States according to the BLS. The salaries listed do not represent the respondents’ salaries nor are they provided by Varonis. They are for educational purposes only. You should expect to see your own salary change based on your experience, location and the different responsibilities of your position.

1. Solution and Security Engineer

  • Education: Bachelor’s degree
  • National Average Salary: $133,115 *
  • Growth: 12%
  • Stand-Out Skill: Perseverance and persistence to help solve problems
  • Pro: Solving customer business case problems
  • Con: The paperwork of tracking expenses
  • Piece of Advice: “Dive in with both feet and don’t look back. You are going to make mistakes, but take away the positive and don’t dwell on the negative.”

Charles Feller, Solution Engineer at Varonis

Main Takeaways:

  • Be able to communicate complex issues and build a trusted relationship.
  • You need to build your portfolio and create a track record of success and referrals.
  • You have to be willing to adapt to change and be willing to always be learning.

Q: Advice you’d give to someone who is interested in pursuing your career?

A: Dive in with both feet and don’t look back. You are going to make mistakes, but take away the positive and don’t dwell on the negative.

Q: Briefly describe the path that got you to where you are today.

A: “I have always been drawn to Technology and the opportunities around the changing environment. I started as an application training which quickly transitioned into networking and infrastructure positions around consulting and education.”

Q: Was there a particular moment that made you interested in pursuing this career path?

A: “The ability of constantly being challenged to learn new and emerging technologies.  You have to be willing to adapt to change and be willing to always be learning.”

Q: Out of the things that you did to prepare for this job, what prepared you the most for success?

A: “You have to be willing to take a ‘whatever it takes’ attitude to solve the problems.”

Q: What does a typical day look like for you?

A: “There is no typical day. You have to be fluid, adaptable and willing to change gears based on customer needs. A typical day is 8-10 hours made up of customer development, technology learning, relationship building and problem-solving.”

2. Consultant/Cybersecurity Business Owner

  • Education: Bachelor’s degree
  • National Average Salary: $92,600 *
  • Growth: 28%
  • Stand-Out Skill: Understanding the various business markets
  • Pro: Flexible hours and schedule
  • Con: Administrative tasks
  • Piece of Advice: “Focus on what is important in the business and help protect it … by asking the right questions, we can at least understand where potential threats lie.”

Rob Black, Owner of Fractional CISO

Main Takeaways:

  • Ask questions; for some seemingly simple cybersecurity problems, there are no great answers.
  • If you are interested in cybersecurity, then start today! Listen to cybersecurity podcasts, follow cybersecurity people on LinkedIn, buy a cybersecurity book.
  • Pick a cybersecurity tool such as Nmap, Wireshark, Nessus, Burp Suite or one that interests you and become an expert.
  • Cert recommendations: “Cybersecurity professionals who are one year in should pursue their SSCP. Those that are five years in should get a CISSP. Both are excellent certifications from ISC2.”

Q: Advice you’d give to someone who is interested in pursuing your career?

A: “It’s my experiences that have shaped me. I wouldn’t change anything. I wouldn’t be who I am today without them. If you are interested in cybersecurity, then start today! Listen to cybersecurity podcasts, follow cybersecurity people on LinkedIn, buy a cybersecurity book.

Pro tip: pick a cybersecurity tool such as Nmap, Wireshark, Nessus, Burp Suite or one that interests you and become an expert. Blog about the tool with original content that can’t be found anywhere. Apply for an entry-level cybersecurity job. You will be rewarded with an interesting career for decades to come.”

Q: Briefly describe the path that got you to where you are today.

A: “I run a small cybersecurity consulting company where we create and manage a cybersecurity program for medium-sized clients. I got into the industry when I joined RSA Security in 2007 working on their multi-factor authentication product. After leaving RSA, I worked in non-security companies responsible for various security functions.

After a couple of jobs and many lessons learned, I realized that every company needed what I did – a security person who could make good cybersecurity decisions for the organization. So I started Fractional CISO.”

Q: Was there a particular moment that made you interested in pursuing this career path?

A: “I have always been interested in technology and in particular the dark side of technology. Security became such a natural fit.”

Q: Out of the things that you did to prepare for this job, what prepared you the most for success?

A: “The cybersecurity industry is in its infancy. The best way to deal with uncertainty is to ask good questions. For some seemingly simple cybersecurity problems, there are no great answers. By asking the right questions, we can at least understand where potential threats lie.”

Q: What does a typical day look like for you?

A: “I am a small business owner so my workday is long. There are many in cybersecurity, however, who have 9-5 jobs. I have met so many people who may be great at cybersecurity saying that they don’t want to work in the industry because of the long hours. You can work in cybersecurity and have pretty normal hours.

Every day is different. I typically meet with several of our clients every day. One day we might be working on policies. The next we are updating their risk assessment. Another day we may be looking at the access controls of some of the key systems. One of the great things that I love about cybersecurity is how varied the activities are. The rest of the day is focused on managing the team, performing administrative tasks and speaking with potential future clients.”

3. Developer and Pentester

  • Education: Bachelor’s degree
  • National Average Salary: $105,590 *
  • Growth: 21%
  • Stand-Out Skill: Humility and the curiosity to learn more
  • Pro: Team collaboration to solve issues
  • Con: Having suggestions be ignored
  • Piece of Advice: “The best people in this industry have a deep respect for being aware of how much they don’t know, and that really sets apart the entry-level positions from the leadership roles.”

Bryan Becker, DAST product manager/application security researcher, WhiteHat Security

Main Takeaways:

  • It’s a small industry, so respecting others will take your career a long way.
  • Everything you need to know is online, as long as you are willing to take the time to read. Look for communities of other people who are learning.
  • Think outside the box; the industry itself is relatively young, so many problems still don’t have a best-practice solution.
  • The OSCP cert is the Harvard MBA of hacking, and is really hard to complete. It’s also, in my experience, the only certification that actually impresses other hackers. It’s not necessary for an entry-level position, but it absolutely will impress any person hiring.

Q: Advice you’d give to someone who is interested in pursuing your career?

A: “The internet is your friend – just start reading about it and looking for entry-level jobs. Everything you need to know is online, as long as you are willing to take the time to read. Look for communities of other people who are learning.

Stay away from anything that isn’t 100% above board. Despite what you may think, in 2019, that will not earn you credibility in this industry. If I was starting over, I guess the advice I would give myself is just to make myself aware that this industry existed. You can actually get paid for doing this thing you enjoy as a hobby!”

Q: Briefly describe the path that got you to where you are today.

A: “I’ve been a developer my entire career, working almost entirely in startups. This background definitely gives me an advantage in this industry, but I also don’t think it’s a prerequisite.”

Q: Was there a particular moment that made you interested in pursuing this career path?

A: “I’ve been interested in computer security my whole life, but only relatively recently discovered that there was a proper industry around it.  I “hacked” my first computer system in school when I was 9. There were no real access controls on the system then, so I could just change whatever I wanted on all the computers. It wasn’t really “hacking”, but it felt that way to a 9-year-old!”

Q: Out of the things that you did to prepare for this job, what prepared you the most for success?

A: “Just keep reading and stay up to date, and always take feedback from as many people as you can get.”

Q: How long is your typical workday? What does a typical day look like for you?

A: “I don’t really have a typical day in my current role as a product manager. I spend my week meeting with various teams to better understand what they are working on, throwing around ideas with our research & engineering teams, learning more about customer problems and how they are tackling them, and making PowerPoints that sum up everything to share with a broader audience.”

4. CISSP/CIO: Cybersecurity Leadership

  • Education: Bachelor’s or Master’s degree
  • National Average Salary: $142,530 *
  • Growth: 6%
  • Stand-Out Skill: Pushing the limits of what’s possible
  • Pro: Making important decisions to lead a team
  • Con: Repetitive administrative tasks
  • Piece of Advice: “No amount of formal education can substitute for hands-on experience… education is important, but it’s not what differentiates good from great.”

Steve Tcherchian, CISSP at XYPRO

Main Takeaways:

  • Find a mentor, then listen and learn. The best leaders will be energized to share their experiences – both positive and negative.
  • Don’t be afraid to push the envelope. Respect the processes in place but it’s okay to question them.
  • Adaptability – Just because you thought of something doesn’t mean someone cannot build something better on it. Allow for that.

Q: Advice you’d give to someone who is interested in pursuing your career?

A: “What I would suggest to anyone deciding to enter this line of work is to find yourself a mentor – listen and learn. The best leaders will be energized to share their experiences – both positive and negative – and want you to do better than them.”

Q: Briefly describe the path that got you to where you are today.

A: “I worked for 3 years for a company called EarthLink running their High-Speed Internet support department.  After EarthLink, I started my own company called ComputerNine providing technology and security services. It was exciting! I had clients in the US, Canada, Australia, Hong Kong, Korea and Costa Rica.

At 22, I was strongly advised to formalize my education with a college degree, so I graduated from Los Angeles Pierce College then went on to Cal State University Northridge focusing on computer science. Code, Development and technology always came naturally to me… I saw a huge opportunity with one of my long term clients, XYPRO, and decided to take a full-time role. I seized all the opportunities presented to me…”

Q: Was there a particular moment that made you interested in pursuing this career path?

A: “I wouldn’t be able to put my finger on a particular moment… I was always interested in breaking things and pushing boundaries — a personality trait that luckily manifested in technology.

I started by writing random “programs” and “warez” at a very early age which also led to interactions with other like-minded individuals. Hacking, data privacy, social engineering and general security wasn’t really a thing in the early 90s, so those of us who understood that and how the internet worked had a real advantage.”

Q: Out of the things that you did to prepare for this job, what prepared you the most for success?

A: “I personally believe no amount of formal or institutional education would have substituted for the types of hands-on experiences and challenges I was lucky enough to be exposed to. That along with having a professional mentor to learn from primed me for the best chance at success in my current role.”

Q: How long is your typical workday? What does a typical day look like for you?

A: “A typical day would be 10-12 hours long to ensure enough coverage of customers in all time zones.

I’m the prime definition of a morning person. I usually wake up very early – around 4:30 am –  and may jump on calls with Europe or Africa. I like to tackle the most important issues that came in overnight right away, then ensure my teams have all the necessary feedback they need in a timely fashion to keep moving forward.

This usually lasts until about 7 am when I spend 90 minutes on family time getting my daughter ready for school, breakfast and school drop-offs. In the office by 8 am for morning meetings and conference calls. I usually keep the afternoons free for catchup work – and in the evenings may have more conference calls with Asia and India customers.”

5. Security Analyst

  • Education: Bachelor’s degree
  • National Average Salary: $98,350 *
  • Growth: 32%
  • Stand-Out Skill: Managing multiple pieces of evidence and information
  • Pro: Getting to help businesses shore up their security
  • Con: Schedule is at the mercy of cybersecurity incidents
  • Piece of Advice: “There is so much to learn and know about in the security space, try to pick apart bite-sized pieces that you can chew through one at a time.”

Ian McEntire, Security Analyst at Varonis

Main Takeaways:

  • You can take an ‘unorthodox’ path and be successful.
  • Podcasts are a helpful and convenient resource to learn and stay up-to-date.
  • Get familiar with the attack tools/techniques in the MITRE ATT&CK framework.

Q: Advice you’d give to someone who is interested in pursuing your career?

A: “There is so much to learn and know about in the security space, try to pick apart bite-sized pieces that you can chew through one at a time.”

Q: Briefly describe the path that got you to where you are today.

A: “Undergrad was international relations, worked in consulting after graduating. Totally unrelated to security. Heard about Stuxnet, got interested in security, got an MS in Information Security, worked as a security analyst for the Department for Defense, and after that came over to the vendor side.”

Q: Was there a particular moment that made you interested in pursuing this career path?

A: “Definitely hearing about Stuxnet for the first time. I knew cybercriminals could steal information and commit fraud, but knowing that physical destruction of complex industrial systems was a possibility scared the crap out of me and I knew I needed to learn more about what was possible in that space.”

Q: Out of the things that you did to prepare for this job, what prepared you the most for success?

A: “I can’t point to a specific thing, but I would say constantly looking for resources of information. There is so much to know in the security space (both old stuff to get caught up on and new stuff to stay on top of), I’m constantly looking for blogs and videos and podcasts to expand my knowledge base.”

Q: What does a typical day look like for you?

A: “Long. Meetings are typically scheduled from 8 am to 6 pm, but security incidents don’t really care about when you’re scheduled to be working so we’re very schedule-flexible.

A typical day is all over the place. We’ll have an investigation or two, run through some security lab attack demos with prospective customers, and then take customers through our DLS OPS process to make sure their DatAlert install is working for them as intended.”

6. Cybersecurity Law Professional

  • Education: Doctoral or professional degree
  • National Average Salary: $120,910 *
  • Growth: 6%
  • Stand-Out Skill: Reading comprehension to analyze cyber laws and create policies
  • Pro: Highly sought-after and necessary across businesses
  • Con: Administrative paperwork
  • Piece of Advice: “Being willing to put yourself out there, develop the skills, and let people know that you have them.”

Anne P. Mitchell, Attorney at Law, CEO at Institute for Social Internet Public Policy (ISIPP)

Main Takeaways:

  • Compliance law is a great specialization; it’s a hugely growing field that all businesses need.
  • The ability to explain the technology and security issues in plain English for a less technical audience.
  • Reading comprehension is important to analyze cyber laws and create cybersecurity policies that comply with those laws.
  • Consider becoming certified or take courses about compliance and cyber law even if you aren’t interested in being a lawyer.

Q: Advice you’d give to someone who is interested in pursuing your career?

A: While one wouldn’t think of this as a path to a cybersecurity job, go to law school! There is a huge dearth of people with legal+cyber backgrounds. That’s one of the reasons I am one of the only GDPR compliance consultants in the U.S. GDPR is a law that’s over 100 pages, and it’s dense, and eye-crossing, yet every business needs to comply with it.

Q: Briefly describe the path that got you to where you are today.

A: “I graduated from Stanford Law School in 1992. In 1998 I closed my private practice and went in-house for the first anti-spam organization, MAPS. From MAPS I was brought in as CEO of another anti-spam startup.

Upon leaving that startup, I founded the institute, where I am today. In addition, I was a law professor at Lincoln Law School in San Jose, until I moved away from California. Recently Lincoln brought me back in as the Dean of Lincoln’s Cybersecurity & Cyberlaw programs.”

Q: Was there a particular moment that made you interested in pursuing this career path?

A: “Honestly, the career pursued me. There came a point at which I realized that I was one of the few people who [had the knowledge and ability in cybersecurity law] — that was back in 2003, and that’s when I founded the institute.”

Q: Out of the things that you did to prepare for this job, what prepared you the most for success?

A: “Being willing to put myself out there, develop the skills, and letting people know that I had them.”

Q: What does a typical day look like for you?

A: “An 8-hour day is typical — It really depends on which aspect of my work I am focusing – on one day it could look like my reviewing privacy policies, terms and conditions, licenses and contracts, for online tech companies.

On another day it might look like my having to reach out to colleagues at big ISPs to find out why a certain organization has been blocked and on yet another day could look like my consulting to organizations about GDPR compliance.”

7. Security Architect

  • Education: Bachelor’s degree
  • National Average Salary: $109,020 *
  • Stand-Out Skill: Creative problem-solving
  • Pro: Uncovering new techniques and methods
  • Con: The frustration of working with management in larger organizations
  • Piece of Advice: Understand human behavior; cybersecurity is not only about technology, it also involves processes and the humans behind them.

Jon Rasiko, CEO at DeepCode.ca

Main Takeaways:

  • Understand human behavior; cybersecurity is not only about technology, it also involves processes and the humans behind them.
  • “I love all the technical aspects of my work, I love learning how things work, finding flaws and figuring out ways to have the target do what I want it to do.”
  • Join Capture-the-Flag (CTF) competitions and do online challenges. Those not only develop your technical skills, but they also train your puzzle-solving skills and creativity, which is more valuable than most certifications.
  • No cybersecurity problem comes with all the information you need to solve it; you need to know where to look, what to look for and understand how these pieces fit together to create your own solution.

Q: Advice you’d give to someone who is interested in pursuing your career?

A: “I have never regretted choosing cybersecurity: this is a dynamic field with a creative international community of professionals who share a simple goal: ensure technology and information is used for good, whether it is through code, hardware or policies.

I would do it again with more focus, more determination but also making more time to stay healthy. Always keep your mind and skills sharp, because your adversaries will.”

Q: Briefly describe the path that got you to where you are today.

A: “I’ve started studying computers on my own while in high school after my grandmother bought me a 286 computer with a whopping 1M of memory. After high school, I obtained my technical degree in computer programming but then decided to pursue my studies in Computer Science at university.

I worked briefly as a programmer, but then joined the military as a communications officer, where I performed multiple roles, from network administration and planning to cyber intelligence to vulnerability assessments of weapon systems.

During my stay in the military, I’ve completed my master’s degree in Computer Engineering and a few certifications, while getting very useful experience and learning valuable soft skills. I then decided to start my company to focus on technical challenges and explore novel security challenges in new areas such as adversarial machine learning and quantum programming.”

Q: Was there a particular moment that made you interested in pursuing this career path?

A: “The first time I watched Wargames (1983) I became fascinated by computers and what people could do with them. I always wanted to learn about these incredible machines, but only had calculators and one VCR to play with. After breaking both, my grandparents made a huge investment and bought me my first computer. Best investment ever.”

Q: Out of the things that you did to prepare for this job, what prepared you the most for success?

A: “I started learning MS-DOS, batch scripting and then Basic. Once I started connecting to BBSes and later on the web, I became an addict to information: learning how computer viruses worked and learned more about the public telephone system, what used to be known as phreaking. I then started reading the 2600 magazine, Phrack and was fascinated by not only the technology but also the people coming up with all these techniques. I knew then that I wanted to be part of this community. Since then, I never hesitated about what I would do for a living.”

Q: What does a typical day look like for you?

A: “As long as I want it to be since I’m self-employed. That being said, I really enjoy what I do and it’s not unusual for me to spend 12 to 15 hours a day, either working on some project, or practicing for CTFs, creating tools to help me be more efficient or improving my infrastructure by setting up a new service or improving the security of my own network.

Once in a while, I’ll take an afternoon a week to try something completely new. I often just pick up a random video from an academic institution, a tech company or a researcher to push my comfort zone a little bit.”

8. Cybersecurity Sales Engineers

  • Education: Bachelor’s degree
  • National Average Salary: $101,420 *
  • Growth: 6%
  • Stand-Out Skill: Active listening and communication
  • Pro: Get to work with a variety of industries
  • Con: Rejection and pushback from clients
  • Piece of Advice: “Get started now, it’s a journey that requires a lot of hard work, not a quick fix to a destination.”

Chris Hoesly, Sales Engineering Manager at Varonis and Paul Browning, Sales Engineering Team Lead at Varonis

Main Takeaways:

  • Get as much exposure to as many industries as you can and get started as soon as possible.
  • You get the opportunity to work face to face with customers to learn and work through their challenges and discuss future plans.
  • You develop relationships through an active listening approach that allows you to stop talking and really listen.
  • Be prepared to adapt: not every business will follow your advice, and your advice will change over time as new data is available.

Q: Advice you’d give to someone who is interested in pursuing your career: what would you do differently/what would you do the same?

A: “Get as much exposure to as many industries as you can and get started as soon as possible.” –Hoesly

“I like to compare cybersecurity to being a personal trainer.

Everyone wants to be in good shape but most struggle with the basics, such as diet, rest, and exercise over a long period of time to get there. It’s a journey that requires a lot of hard work, not a quick fix to a destination.

If you can understand that, you can outlast the frustrations that come with this role at all levels. Not every business will follow your advice, your advice will change over time as new data is available, and everyone thinks your services cost too much.” –Browning

Q: Briefly describe the path that got you to where you are today.

A: “My path is definitely not common. I graduated from college with a major in English and a minor in Biology in 2008. I got a job as a help desk analyst at a Fortune 500 company and started to climb through various integration and project management roles before joining 2 much smaller organizations to learn software engineering and management skills. I joined Varonis in 2015 and have evolved with our approach to cybersecurity ever since.” –Hoesly

“My path included starting in two branches of the military, self-studies, certifications, Bachelor’s degree, networking groups, community discussions (ISSA, ISACA, etc.), and more.” –Browning

Q: Was there a particular moment that made you interested in pursuing this career path?

A: “Security and sales were areas I was always cognizant of through various roles in various organizations, but never my focus until the opportunity with Varonis came up.” –Hoesly

“The sense of purpose to serve is what got me started. I don’t want to see businesses, economies, and, ultimately, people suffer due to lack of security measures being taken.” –Browning

Q: Out of the things that you did to prepare for this job, what prepared you the most for success?

A: “Active listening in my very first role shaped a lot of my success. Someone calling in with an issue usually resulted in “marathon level” long phone calls. You develop relationships through a very active listening approach that allows you to stop talking, really listen (not wait to speak) and understand the person. I’ve worked on refining this ever since.” –Hoesly

“Growing up in a home that had little forgiveness for laziness and serving the Marines prepared me the most for just about everything in life.” –Browning

Q: What does a typical day look like for you?

A: “First, I clean up and prioritize email and internal tracking systems. Then the bulk of my day involves customer meetings, internal planning meetings, testing/training, team calls, etc. At the end of my day, I review my calendar and plan for the following day/week.” –Hoesly

“A typical day for me includes a lot of multi-tasking to address sales engineer needs with my potential and existing clients and business planning as the lead for my time. Also, addressing issues that may be affecting myself or my team, communicating to keep everyone on the same page; documenting as much as possible for follow up, next steps, etc.” –Browning

The Most-Recommended Certifications and Resources

While many interviewees stated that IT and security certifications aren’t a requirement, the ones most recommended by cybersecurity professionals are:

As you can see, there are countless avenues to take in a variety of different business types if you’re interested in cybersecurity. It’s also clear that you don’t need to take the path most traveled; there are many ways to get to where you want to be.

Feel like you’re ready to take on new challenges at a top cybersecurity company? Check out our IT and cybersecurity career openings to see if any pique your interest.

*The salaries listed do not represent any of the respondents’ salaries nor are they salary estimates from Varonis. These salaries have been pulled from the Bureau of Labor Statistics (BLS) and are for educational purposes only.

Rob Sobers

Rob Sobers is a software engineer specializing in web security and is the co-author of the book Learn Ruby the Hard Way.
