It’s because they don’t want to learn about hacking. Most of them are glorified auditors that work with a checklist, no imagination, pen pushers. I love the field but we need less people like that and more people who want to know how things work, break them and make it better
>Why is everyone in this field so inept?
Because they're hired by whatever certifications they get as opposed to actual skill.
moronic take. Documentation, compliance, and administrative paperwork is a huge part of cyber security, especially because the biggest problem tends to be LaShawnda from records clicking a fricking phishing link because she thought she was gonna get makeup coupons.
>I love the field
lmao, literally the equivalent of a security guard on the internet, only equipped enough to stop script kiddies (kid in a hoodie), but totally powerless against anything organised (guys tunnelling under the bank)
But being a security guard is a good job, you literally get paid to do nothing. You are actually not supposed to do anything about criminals, just hide and call the police.
I’m going to graduate with an associates in cybersecurity and hope that I can cruise through life just checking logs, installing updates, and closing/blocking suspicious ports/IPs. I’m also depressed and not really looking forward to anything aside from the inevitable AI, cyberpunk takeover.
Because you homosexuals certified black hats out of the industry, and no one in their right mind is going to give me a job if I walk into the interview with the interviewers dox (inclusive of bank details), how I accomplished the task, and what I would do to rectify the issue to ensure it can’t happen again.
I mean, it’s proof of work, but you’d all rather have some moronic indian c**t with a thousand random certs, and quite frankly, that’s fine with me. I love watching businesses crumble & burn because they hire based on accreditation & not ability lmao. You get what you deserve.
i’m starting to lean into the opinion that this was all by design in order to undermine the infrastructure of the west as well as disenfranchise/demoralise anyone (mainly white men) who have even an inkling of understanding & experience.
>Why is everyone in this field so inept?
govs and companies are desperate to get people to secure their systems by following checklists
checklists are not enough, the job is high stakes, high stress, gruelling and boring
people who understand computer systems would rather be building something new and cool
which leaves only non tech morons to enter the field
The job is high-stress because as you start to learn more & more about network architecture, you quickly realise that all governments are paper tigers living in sandcastles, with their infrastructure being built atop an ever rising water table.
But you’re right in that, yeah, we would rather be building something new and/or cool. I worked with a dude who was probably one of the most intuitive & clever black hats i’ve ever had the pleasure of meeting. Do you know what he does for work now? He’s a plumber. Said that not even all the money in the world could provide him with the means to deal with corporate checklists and KPIs demanded by people (women) who don’t (can’t) understand the scope of work. Now I don’t know what he does, but it’s sad to see such a waste of talent & potential because government/big business would rather shoot themselves in the foot than give people a fair go, but I digress.
It’s all fun, games, and “sorry anon your skin is much too fair” until one of the many corporate data leaks contains the personal information of C-Suite execs & their kids. Then it’s all hands on deck, let’s hire the best and ONLY the best, etc.. Frick cybersecurity, there’s more money to be made brokering personal data, consequently cleaning the funds via exchange markets (same way gov does it), if money is your motivator. Otherwise, do what my old friend did and let it all burn.
>you quickly realise that all governments are paper tigers living in sandcastles, with their infrastructure being built atop an ever rising water table.
just a few defcon talks will make you realise you should be a prepper
>until one of the many corporate data leaks contains the personal information of C-Suite execs & their kids. Then it’s all hands on deck
this, unfortunately
they never listen to tech people until something happens, and by then it's too late
>i’m starting to lean into the opinion that this was all by design in order to undermine the infrastructure of the west as well as disenfranchise/demoralise anyone (mainly white men) who have even an inkling of understanding & experience.
yeah, I think its going to take a very painful economic downturn for companies to become meritocratic again, just purely out of necessity
but even then, they will never be meritocratic as long as civil rights laws still exist and H1B visas flood in
We need regime change
2 weeks ago
Anonymous
>I think its going to take a very painful economic downturn for companies to become meritocratic again, just purely out of necessity
I agree, but by then it will be way too late to salvage anything, and we’ll all be left holding the proverbial bag that is the end of homogeneous white (polite) society. But i disagree with you on that you think people will learn their lesson: they won’t. People never learn, hence why we’re staring down the barrel of globalised communism & impending bantu bolshevism.
Are you one of the glowies ITT? I want to hear it from the horses mouth regarding the stigma behind employment & mental health, as well as your thoughts/opinions (or whatever your KB articles allow you to share) on how to affect a beneficial regime change that doesn’t involve plugging in PLCs/PLBs to hijack a BMS and slowly asphyxiate the occupants. Bet you they don’t teach that in the Security+ exam lmao
>Do you know what he does for work now? He’s a plumber.
And I became a NEET. Miss me with that wagie shit.
>you quickly realise that all governments are paper tigers living in sandcastles, with their infrastructure being built atop an ever rising water table.
just a few defcon talks will make you realise you should be a prepper
>until one of the many corporate data leaks contains the personal information of C-Suite execs & their kids. Then it’s all hands on deck
this, unfortunately
they never listen to tech people until something happens, and by then it's too late
it's no use protecting sandcastles on the beach
>defcon
Part of the problem nowadays. It became Black Hat for blue hairs.
What are some good resources to learn more about cyber security that is meme level certifications? I'm sure getting some would be helpful, but to learn more what are some good resources?
If you need to ask because you can't determine this on your own, get a job at McDonalds. Your mindset is exactly the problem this thread is about.
Because netwerk engineers are to fricking autistic for it. Like with coodemonkeys you need someone translating their nonsense to a organisation. So basically they are glorified translators who also have the authority to set policies.
because companies don't want someone who tells them how they need to invest into stabilizing their brittle systems and processes, they just want compliance managers that will allow them to keep using windows and outlook and active directory because microsoft managed to convince everyone that's just how computers work
>because companies don't want someone who tells them how they need to invest into stabilizing their brittle systems and processes
Not quite right. Companies like to bring in consultants for this exact shit as opposed to listening to their own professionals who often give the same or better advice.
you don’t have to pay consultants industry rates, nor do you have to pay for their benefits; you get all the goodies that come with an underpaid & over-qualified new hire, but with none of the job security or overheads/paperwork.
I'm just saying they hire consultants as a humiliation ritual. Pray it never happens to you
2 weeks ago
Anonymous
It happened once, and I learned my lesson very quickly. Frick corporate boomers and HR Karens.
dude cybersecurity is fricking easy, all of the tools are already made and require zero thought to use but theyre so poorly documented and advertised that it seems insurmountable. People use this to jerk themselves off and treat the field like it means literally anything at all, but it's filled with fat midwit redditors. Almost all common AV and detection is literally fricking grep dude. You can bypass AMSI by randomly capitalizing letters in the one-liner you use to turn it off. Defender is almost completely beaten by beating grep. EDR? Beat the grep, unhook sysmon, use some other guy's tool to kill the service. Anyone doing actually cool shit is making cheats for games unironically.
>Anyone doing actually cool shit is making cheats for games unironically.
No one will hire someone who admits to breaching EULAs and SLAs for personal profit & gain lol. But yes, you’re right: cheats for video games are fricking rad and from what i’ve heard (eat my ass
no they dont t. glowie
) the pay is quite decent for what it is. Like a mini micro service/mini SaaS that leaves you liable to be sued lmao
2 weeks ago
Anonymous
i am both the second and third person you quoted. i dont want to be a glowie anymore, but I am obligated to be
2 weeks ago
Anonymous
>i dont want to be a glowie anymore, but I am obligated to be
I’m not even allowed to be a glowie, but I understand, anon; a man’s gotta do what a man’s gotta do.
>real hackers who have experience already have alternate sources of income >These people do not want to disclose their identity, normally. >Corporates would not risk their cyber assets to these people anyway. >people who would hire cybersec normally do not have the experience and knowledge to see who's actually talented >the best option you are left with is rando kids with fresh certificates >They gain experience by being attacked, and they normally deal with poojeet trojan email scam and random ddos attack, and that is good enough for day to day corporate usage.
They are more like cyber janitors instead of security. Mall guards, if you insist on calling them sec.
The real competent ones are either hidden or in the government.
>The real competent ones are either hidden or in the government.
Half right: the genuinely competent hackerman guys are either being watched by their government from a distance, or are being watched by the government by means of working for them. Then again, would you believe anything you read on the internet in 2024AD?
dude cybersecurity is fricking easy, all of the tools are already made and require zero thought to use but theyre so poorly documented and advertised that it seems insurmountable. People use this to jerk themselves off and treat the field like it means literally anything at all, but it's filled with fat midwit redditors. Almost all common AV and detection is literally fricking grep dude. You can bypass AMSI by randomly capitalizing letters in the one-liner you use to turn it off. Defender is almost completely beaten by beating grep. EDR? Beat the grep, unhook sysmon, use some other guy's tool to kill the service. Anyone doing actually cool shit is making cheats for games unironically.
>Why is everyone in this field so inept?
govs and companies are desperate to get people to secure their systems by following checklists
checklists are not enough, the job is high stakes, high stress, gruelling and boring
people who understand computer systems would rather be building something new and cool
which leaves only non tech morons to enter the field
>always enjoyed reading and learning about exploits and whatnot >maybe I should pursue a career in cyber security >decent job market >check out certs etc >doesn't seem that hard >check what the actual jobs are >it's mostly just running automated scripts and sending their pdf output
miss me with that gay shit
What are some good resources to learn more about cyber security that is meme level certifications? I'm sure getting some would be helpful, but to learn more what are some good resources?
alright il get myself into this hacking business, I want the easiest, most based and time efficient way of learning to hack by writing code, I won't read ANY of your book or doc recs, I will wait a bit for your reply anon, but be quick about it.
>Why is everyone in this field so inept?
They learn from the "good guys" and not their actual enemies. The "good guys" follow processes, procedures, rules and laws. The bad guys are exempt from all of those things.
>it's another episode of glorified bean counters larping about their checklists of applying two dozen layers of snake oil and then still getting all data exfiled because the s3 bucket was publicly listed
Well, for a large city in Texas, the city "promoted" the incompetent people from the network team into the newly created security team to "limit their blast radius". > security team didn't think the election subnet needed to be fronted by a firewall > "we have antivirus" > I asked them about "on your Oracle cluster that runs your elections?" > silence
I've noticed something similar with networking guys jumping to security and then not having a lick of common sense when it comes to policy and best practice. I think part of it is people hiring internally and those individuals not coming from a security background to begin with. our previous security director for some fricking reason thought it was fine for us to not even have a DMZ, and we found out he was letting people save service account passwords in the description field in active directory
>Cool so they have added another point of failure
No. Actually they admitted "can't put AV on Oracle" so in their checklist they noted the discrepancy and moved on.
We looked at that Oracle cluster and it was getting hammered by access attempts from all over the city and all over the world. > "hmm, we will take that under advisement and bring it up with our consultant next time we meet"
Any competent human would jump to "deny from all, allow from a select few".
It seems to me that everyone touts security guys as being hyper competent hackerman geniuses who can disable industrial systems or break into top secret databases and shit, but everyone who actually works in the field just does paperwork or spends their days on splunk.
Then you've got a minority of hyper autists who are really into reverse engineering and malware, but that's about it.
I don't understand the discrepancy. How is the cyber field as a whole filled with glorified IT helpdesk workers? Who is working on the insane shit like quantumsquirrel and whatnot? Are we just made to believe "hackers can break into anything" when really nobody can break into anything and it's just the NSA installing backdoors into every device?
Because that's what the world is. A world filled with incompetent people who don't give a frick.
What you just described is the norm in every single field in existence. You can just see the divide here because of the perception of the public on the profession, that's all.
Not really, some fields are filled with competent people. Taking extreme examples, actual AI (not data monkey bullshit), or quantitative finance, have no morons in them. Embedded work also has a lot of very competent guys.
Cyber is, for some reason, full of morons while the actual stakes are extremely high. I'm just wondering if anyone currently alive has the skillset to actually do the hackerman shit we all hear about or if it's all spooks diverting motherboard supply lines and that's it
You're comparing extremely specific fields with a very vast one. A more apt comparison would be with exploit development or red teaming. That's what you're thinking about when you talk about "hackerman stuff". The rest is important, but very boring. Incident Response is also filled with extremely talented people, just another line of work though.
All in all, remember that while the lines of work don't require talent, they are still required. The world would go to shit without your local shop selling you some shit. Keep this in mind.
2 weeks ago
Anonymous
>red teaming
Yeah, but this seems like a ghost job to me. In that red team is all anyone ever hears about concerning cyber, but nobody seems to actually be doing it. Where are these people?
2 weeks ago
Anonymous
It's not. But it's also less sexy than you think it is.
Truth is, a red team is either external and it's a lot of no fun allowed moments and mostly conducting social engineering on people, or internal teams and that one is just a fricking snore.
The gist of it is that it's not nearly as sexy as you think.
The real sexy work is the work that would seem boring to most people. Exploit development, research and all that jazz. That shit is DULL to most people, but this is the real deal. The real talent lies there, and yet it's the least celebrated.
I can convince you by making you look at pentesting job burnout rates. It's not red teaming, but it's got the same sexiness. Yet here we are.
The people who come up with clever ways to hide/obfuscate/transport data aren't allowed to work in IT departments. Everyone allowed in follows industry practices which were studied and worked around by cybercriminals years ago.
Because the process to get in as a law abiding citizen is worse than being a code monkey. Anyone with the right set of skills gets in via an inside friend or just goes black hat.
The worst part is you can be a victim of identity theft while practicing the strictest type of infosec, come up with ways to hide your data, and have the data be useless if someone got it, from your personal machines/networks, but the company that handles your insurance/medical/banking/government related functions is full of people who will expose your SSN/finances and never be held seriously liable for any kind of breach.
It’s because they don’t want to learn about hacking. Most of them are glorified auditors that work with a checklist, no imagination, pen pushers. I love the field but we need less people like that and more people who want to know how things work, break them and make it better
>Why is everyone in this field so inept?
Because they're hired by whatever certifications they get as opposed to actual skill.
moronic take. Documentation, compliance, and administrative paperwork is a huge part of cyber security, especially because the biggest problem tends to be LaShawnda from records clicking a fricking phishing link because she thought she was gonna get makeup coupons.
>I love the field
lmao, literally the equivalent of a security guard on the internet, only equipped enough to stop script kiddies (kid in a hoodie), but totally powerless against anything organised (guys tunnelling under the bank)
But being a security guard is a good job, you literally get paid to do nothing. You are actually not supposed to do anything about criminals, just hide and call the police.
I’m going to graduate with an associates in cybersecurity and hope that I can cruise through life just checking logs, installing updates, and closing/blocking suspicious ports/IPs. I’m also depressed and not really looking forward to anything aside from the inevitable AI, cyberpunk takeover.
>Most of them are glorified auditors that work with a checklist, no imagination, pen pushers.
As usual, first post best post /thread.
They needed a field that sounded high prestige where they could dump all the browns who couldn't understand webdev.
Remove the word "cyber" and you're still correct.
because glowies hire anyone good to be red team
no they dont t. glowie
Everyone with zero skill can do it.
Because you homosexuals certified black hats out of the industry, and no one in their right mind is going to give me a job if I walk into the interview with the interviewers dox (inclusive of bank details), how I accomplished the task, and what I would do to rectify the issue to ensure it can’t happen again.
I mean, it’s proof of work, but you’d all rather have some moronic indian c**t with a thousand random certs, and quite frankly, that’s fine with me. I love watching businesses crumble & burn because they hire based on accreditation & not ability lmao. You get what you deserve.
This.
All you're left with are jeets and Mr Robot basedboys who depend on tools they don't understand the workings of.
i’m starting to lean into the opinion that this was all by design in order to undermine the infrastructure of the west as well as disenfranchise/demoralise anyone (mainly white men) who have even an inkling of understanding & experience.
The job is high-stress because as you start to learn more & more about network architecture, you quickly realise that all governments are paper tigers living in sandcastles, with their infrastructure being built atop an ever rising water table.
But you’re right in that, yeah, we would rather be building something new and/or cool. I worked with a dude who was probably one of the most intuitive & clever black hats i’ve ever had the pleasure of meeting. Do you know what he does for work now? He’s a plumber. Said that not even all the money in the world could provide him with the means to deal with corporate checklists and KPIs demanded by people (women) who don’t (can’t) understand the scope of work. Now I don’t know what he does, but it’s sad to see such a waste of talent & potential because government/big business would rather shoot themselves in the foot than give people a fair go, but I digress.
It’s all fun, games, and “sorry anon your skin is much too fair” until one of the many corporate data leaks contains the personal information of C-Suite execs & their kids. Then it’s all hands on deck, let’s hire the best and ONLY the best, etc.. Frick cybersecurity, there’s more money to be made brokering personal data, consequently cleaning the funds via exchange markets (same way gov does it), if money is your motivator. Otherwise, do what my old friend did and let it all burn.
>you quickly realise that all governments are paper tigers living in sandcastles, with their infrastructure being built atop an ever rising water table.
just a few defcon talks will make you realise you should be a prepper
>until one of the many corporate data leaks contains the personal information of C-Suite execs & their kids. Then it’s all hands on deck
this, unfortunately
they never listen to tech people until something happens, and by then it's too late
it's no use protecting sandcastles on the beach
>i’m starting to lean into the opinion that this was all by design in order to undermine the infrastructure of the west as well as disenfranchise/demoralise anyone (mainly white men) who have even an inkling of understanding & experience.
yeah, I think its going to take a very painful economic downturn for companies to become meritocratic again, just purely out of necessity
but even then, they will never be meritocratic as long as civil rights laws still exist and H1B visas flood in
We need regime change
>I think its going to take a very painful economic downturn for companies to become meritocratic again, just purely out of necessity
I agree, but by then it will be way too late to salvage anything, and we’ll all be left holding the proverbial bag that is the end of homogeneous white (polite) society. But i disagree with you on that you think people will learn their lesson: they won’t. People never learn, hence why we’re staring down the barrel of globalised communism & impending bantu bolshevism.
Are you one of the glowies ITT? I want to hear it from the horses mouth regarding the stigma behind employment & mental health, as well as your thoughts/opinions (or whatever your KB articles allow you to share) on how to affect a beneficial regime change that doesn’t involve plugging in PLCs/PLBs to hijack a BMS and slowly asphyxiate the occupants. Bet you they don’t teach that in the Security+ exam lmao
>Do you know what he does for work now? He’s a plumber.
And I became a NEET. Miss me with that wagie shit.
>defcon
Part of the problem nowadays. It became Black Hat for blue hairs.
If you need to ask because you can't determine this on your own, get a job at McDonalds. Your mindset is exactly the problem this thread is about.
Because netwerk engineers are to fricking autistic for it. Like with coodemonkeys you need someone translating their nonsense to a organisation. So basically they are glorified translators who also have the authority to set policies.
because companies don't want someone who tells them how they need to invest into stabilizing their brittle systems and processes, they just want compliance managers that will allow them to keep using windows and outlook and active directory because microsoft managed to convince everyone that's just how computers work
>because companies don't want someone who tells them how they need to invest into stabilizing their brittle systems and processes
Not quite right. Companies like to bring in consultants for this exact shit as opposed to listening to their own professionals who often give the same or better advice.
you don’t have to pay consultants industry rates, nor do you have to pay for their benefits; you get all the goodies that come with an underpaid & over-qualified new hire, but with none of the job security or overheads/paperwork.
I'm just saying they hire consultants as a humiliation ritual. Pray it never happens to you
It happened once, and I learned my lesson very quickly. Frick corporate boomers and HR Karens.
>Anyone doing actually cool shit is making cheats for games unironically.
No one will hire someone who admits to breaching EULAs and SLAs for personal profit & gain lol. But yes, you’re right: cheats for video games are fricking rad and from what i’ve heard (eat my ass
) the pay is quite decent for what it is. Like a mini micro service/mini SaaS that leaves you liable to be sued lmao
i am both the second and third person you quoted. i dont want to be a glowie anymore, but I am obligated to be
>i dont want to be a glowie anymore, but I am obligated to be
I’m not even allowed to be a glowie, but I understand, anon; a man’s gotta do what a man’s gotta do.
>real hackers who have experience already have alternate sources of income
>These people do not want to disclose their identity, normally.
>Corporates would not risk their cyber assets to these people anyway.
>people who would hire cybersec normally do not have the experience and knowledge to see who's actually talented
>the best option you are left with is rando kids with fresh certificates
>They gain experience by being attacked, and they normally deal with poojeet trojan email scam and random ddos attack, and that is good enough for day to day corporate usage.
They are more like cyber janitors instead of security. Mall guards, if you insist on calling them sec.
The real competent ones are either hidden or in the government.
>The real competent ones are either hidden or in the government.
Half right: the genuinely competent hackerman guys are either being watched by their government from a distance, or are being watched by the government by means of working for them. Then again, would you believe anything you read on the internet in 2024AD?
dude cybersecurity is fricking easy, all of the tools are already made and require zero thought to use but theyre so poorly documented and advertised that it seems insurmountable. People use this to jerk themselves off and treat the field like it means literally anything at all, but it's filled with fat midwit redditors. Almost all common AV and detection is literally fricking grep dude. You can bypass AMSI by randomly capitalizing letters in the one-liner you use to turn it off. Defender is almost completely beaten by beating grep. EDR? Beat the grep, unhook sysmon, use some other guy's tool to kill the service. Anyone doing actually cool shit is making cheats for games unironically.
Because it's full of morons who just get a bunch of certs and have no hands on experience so they frick shit up soon as they get hired
>Why is everyone in this field so inept?
govs and companies are desperate to get people to secure their systems by following checklists
checklists are not enough, the job is high stakes, high stress, gruelling and boring
people who understand computer systems would rather be building something new and cool
which leaves only non tech morons to enter the field
>always enjoyed reading and learning about exploits and whatnot
>maybe I should pursue a career in cyber security
>decent job market
>check out certs etc
>doesn't seem that hard
>check what the actual jobs are
>it's mostly just running automated scripts and sending their pdf output
miss me with that gay shit
>miss me with that easy job
>miss me with an easy $100k
Wankers like you would rather "work hard" for peanuts instead
What are some good resources to learn more about cyber security that is meme level certifications? I'm sure getting some would be helpful, but to learn more what are some good resources?
Time to post this shit again.
http://phrack.org/issues/68/7.html
alright il get myself into this hacking business, I want the easiest, most based and time efficient way of learning to hack by writing code, I won't read ANY of your book or doc recs, I will wait a bit for your reply anon, but be quick about it.
Because it's full of morons who Google "cert with best salary" and the top results say CS with 100k
>Why is everyone in this field so inept?
They learn from the "good guys" and not their actual enemies. The "good guys" follow processes, procedures, rules and laws. The bad guys are exempt from all of those things.
>it's another episode of IQfy coders lack knowledge of why risk management roles are important for information security
>it's another episode of glorified bean counters larping about their checklists of applying two dozen layers of snake oil and then still getting all data exfiled because the s3 bucket was publicly listed
Well, for a large city in Texas, the city "promoted" the incompetent people from the network team into the newly created security team to "limit their blast radius".
> security team didn't think the election subnet needed to be fronted by a firewall
> "we have antivirus"
> I asked them about "on your Oracle cluster that runs your elections?"
> silence
I've noticed something similar with networking guys jumping to security and then not having a lick of common sense when it comes to policy and best practice. I think part of it is people hiring internally and those individuals not coming from a security background to begin with. our previous security director for some fricking reason thought it was fine for us to not even have a DMZ, and we found out he was letting people save service account passwords in the description field in active directory
>we have antivirus
Cool so they have added another point of failure / entry because their checklist told them so.
>Cool so they have added another point of failure
No. Actually they admitted "can't put AV on Oracle" so in their checklist they noted the discrepancy and moved on.
We looked at that Oracle cluster and it was getting hammered by access attempts from all over the city and all over the world.
> "hmm, we will take that under advisement and bring it up with our consultant next time we meet"
Any competent human would jump to "deny from all, allow from a select few".
part of hatred for security is the fact that they have to tard wrangle other teams for doing moronic shit. cops of IT
More like other teams have to tard wrangle the CS guy after he fricks up the infrastructure
It seems to me that everyone touts security guys as being hyper competent hackerman geniuses who can disable industrial systems or break into top secret databases and shit, but everyone who actually works in the field just does paperwork or spends their days on splunk.
Then you've got a minority of hyper autists who are really into reverse engineering and malware, but that's about it.
I don't understand the discrepancy. How is the cyber field as a whole filled with glorified IT helpdesk workers? Who is working on the insane shit like quantumsquirrel and whatnot? Are we just made to believe "hackers can break into anything" when really nobody can break into anything and it's just the NSA installing backdoors into every device?
Because that's what the world is. A world filled with incompetent people who don't give a frick.
What you just described is the norm in every single field in existence. You can just see the divide here because of the perception of the public on the profession, that's all.
Not really, some fields are filled with competent people. Taking extreme examples, actual AI (not data monkey bullshit), or quantitative finance, have no morons in them. Embedded work also has a lot of very competent guys.
Cyber is, for some reason, full of morons while the actual stakes are extremely high. I'm just wondering if anyone currently alive has the skillset to actually do the hackerman shit we all hear about or if it's all spooks diverting motherboard supply lines and that's it
You're comparing extremely specific fields with a very vast one. A more apt comparison would be with exploit development or red teaming. That's what you're thinking about when you talk about "hackerman stuff". The rest is important, but very boring. Incident Response is also filled with extremely talented people, just another line of work though.
All in all, remember that while the lines of work don't require talent, they are still required. The world would go to shit without your local shop selling you some shit. Keep this in mind.
>red teaming
Yeah, but this seems like a ghost job to me. In that red team is all anyone ever hears about concerning cyber, but nobody seems to actually be doing it. Where are these people?
It's not. But it's also less sexy than you think it is.
Truth is, a red team is either external and it's a lot of no fun allowed moments and mostly conducting social engineering on people, or internal teams and that one is just a fricking snore.
The gist of it is that it's not nearly as sexy as you think.
The real sexy work is the work that would seem boring to most people. Exploit development, research and all that jazz. That shit is DULL to most people, but this is the real deal. The real talent lies there, and yet it's the least celebrated.
I can convince you by making you look at pentesting job burnout rates. It's not red teaming, but it's got the same sexiness. Yet here we are.
The people who come up with clever ways to hide/obfuscate/transport data aren't allowed to work in IT departments. Everyone allowed in follows industry practices which were studied and worked around by cybercriminals years ago.
Because the process to get in as a law abiding citizen is worse than being a code monkey. Anyone with the right set of skills gets in via an inside friend or just goes black hat.
>just goes black hat.
There are no black hats
Just spooks
The worst part is you can be a victim of identity theft while practicing the strictest type of infosec, come up with ways to hide your data, and have the data be useless if someone got it, from your personal machines/networks, but the company that handles your insurance/medical/banking/government related functions is full of people who will expose your SSN/finances and never be held seriously liable for any kind of breach.
cope sòylennial