So one of the first questions you might ask when seriously considering a job in the security field is: what jobs can I do, and what progression is possible?
Vulnerability scanner – This is the easiest role by far, and essentially sees you running ready-made software against the company's network in order to assess vulnerabilities and make note of any insecure or misconfigured/open ports.
Whilst the software does require some training, anyone who desires to can reasonably expect to learn it in a matter of weeks, which is why this role is not only in short supply but also commands a relatively low wage.
Pentesting – Penetration testing goes a step further: you can be expected to create a virtual attack within the network's environment and assess how much information can be accessed and how much damage can be done through these exploits.
The nice thing about pentesting careers is that there is no substitute for hard work. You may be able to secure junior positions with the ability to run other people's exploits; however, if you want to command a good wage or consider freelance work, then the ability to understand and write your own exploits is invaluable.
And whilst those skills can take many years to learn, they cannot be bought by anyone unwilling to do the work. Thus, committing to learning these skills will transform you into a marketable and valuable asset that will have moderate power and maneuverability within the global job market.
Risk Analysis – You might think that, being last in the list, risk analysis would require the most commitment to learning; however, this is not really the case. Risk analysis is a separate set of skills, and not everyone has the patience to do it well.
Someone hired for the role of risk analyst/assessor is expected to perform the role of the pen-tester but also to understand every facet of company and organizational policy, needs and requirements, as well as patiently developing an exhaustive list of the findings from the various tests. They will also need to assess the risk of future attacks and implement or suggest security measures based on that probability.
Whilst you could learn risk analysis from the internet, it really needs to be consolidated in an academic/working environment, as you will be working on very clinical frameworks that require patience, attention to detail and a thorough understanding of all security threats and their respective countermeasures.
There are other jobs within the security field, such as application/mobile and national security, but this is a general career path that shows what the jobs entail as well as the amount of work needed to succeed in these roles.
Ultimately the path is not an easy one; however, you will be at the front line ensuring that companies and organizations are secure, and constantly learning and growing into a true professional. With that knowledge you become one among few, instead of common among many, and will earn a wage that reflects this.
So the next time you find yourself slacking off, remember that the future you want depends on the work you do today.