Is cyber security boring?…
No, cyber security isn’t boring, but there are aspects of the job that may be less exciting than others.
You’ll come across many administrative responsibilities which aren’t going to be part of your core skillset.
Unfortunately, these are the daily requirements of many cyber security roles.
So, before you jump into a career in cyber security, be prepared to take on some of the least attractive parts of the job.
Table of Contents
Is cyber security boring? Click below to find out!
Too Many Meetings
Meetings are notorious for keeping people away from true productivity, and sometimes it just feels like people call meetings for the sake of looking productive.
Security meetings can be a challenge because they’re often focused on technical minutiae, and they can take place all throughout the day.
They’re especially worse when booked during lunch or at a time when most people are tired after a long day at work.
This can make it difficult to stay focused on what’s being discussed—and even more difficult to retain any new information from the meeting.
Security Alerts and Incident Logs
Security logs, also known as audit trails, are a necessary evil but are the basis of any cyber security program.
But, they are crucial for ensuring the integrity of data in your network.
Logs tell you what’s happening on your network, how it’s happening, and who’s responsible for it.
Unfortunately, this means that there are a lot of them, hundreds or even thousands of them.
And each one has to be manually reviewed and analyzed, which can be time-consuming.
Even as an analyst you might find it hard to keep up because there are so many to review every day.
And, if you’re like most security professionals, you probably won’t enjoy configuring them either.
Tickets Going Nowhere
Security tickets are one of the weariest parts of the job.
A security ticket is a request for action or information from a customer or partner on an issue related to IT security or compliance issue.
Cyber security analysts must deal with hundreds of these requests each year, and they don’t get any less dull as the business scales.
Initiating security tickets can become quite repetitive over time and sometimes may lead to no action taken.
Policies and Procedures
Security policies and procedures are the pillars of any organization, and they’re necessary to make security workflows efficient and effective.
There is a lot of work involved in creating and updating security policies and procedures.
This can be overwhelming for many businesses that don’t have the time or resources to devote to this aspect of their operations.
They’re not exactly exciting to read or write, but they are necessary for companies to remain compliant with industry standards or government regulations.
Cyber Security Is Dreary and Long During Audits
Companies must keep up with the latest cyber security standards to protect their customers and their own reputations.
To do that, compliance audits become a necessary part of the security process.
Audits tend to be repetitive, often involve a lot of paperwork, require going through checklists, cause short-term decreases in productivity, push employees to work overtime, and are very intrusive to the company culture.
Never Ending Compliance
Compliance requirements are the bane of most organizations’ existence.
They’re time consuming and difficult to manage with any kind of consistency.
And yet, they’re critical for keeping us safe from malicious actors.
To keep up, security professionals must demonstrate compliance with industry standards for security, and they need to do it consistently.
Compliance is separate from audit and isn’t a one-time thing; it’s an ongoing effort that needs constant maintenance and vigilance.
If you can manage your company’s compliance requirements effectively and efficiently, you’ll be able to focus your efforts on remaining productive while keeping your organization secure.
There are hundreds of security certifications currently on the market, with most security professionals holding just a small handful of those.
Unfortunately, the studying required to pass certification exams can be dull.
Security certifications require quite a bit of study which can last several weeks to several months depending on the amount of effort you put in.
This can make it hard for people to get involved in this exciting field.
The one good thing is that once you receive your security certifications, it’s only a matter of keeping up with your training. See below.
Training for Cyber Security Is Dull
Keeping up with the latest security knowledge within this industry is necessary.
This means you’ve got to keep ahead with continual learning, training programs, and exercises; but it’s not always the most exciting part.
It’s a struggle for companies to make learning new security material interesting for their employees, who are asked to sit through lengthy trainings or watch boring videos.
This doesn’t mean that all training is dreary, but don’t expect every training session to be hands-on either.
Reading Endless Emails
Emails are the backbone of nearly any company; and if you’re like most security people, you’re bound to receive a lot of emails.
Your inbox will be full of emails from your boss and coworkers asking for all sorts of information.
You might find yourself spending just as much time reading and responding to emails as you do your actual work.
Unfortunately, this probably gets worse the higher you move up in the company.
This aspect of cyber security is boring, but there’s no working around it!
Cyber security professionals know that a lot of people have difficulty understanding technical topics.
This can make it hard for people who aren’t in the industry (and even those that are in the industry) to grasp what’s going on.
Let’s face it, you’re going to be spending a while explaining your actions and processes to people such as upper management.
That means you’ll get called into meetings explaining technical concepts to people that don’t understand, perhaps multiple times!
And, if you’re really good at it, they might promote you full time to a leadership position!
Lack of Social Interaction
Some security professionals will end up working in isolation.
The work can become so intense that the only way to stay on top of everything is by staying at your desk and getting your work done.
There may be projects where you aren’t collaborating, and there’s no one else around to bounce ideas off of.
You’re on your own.
If you find yourself in this situation, it can be incredibly isolating, especially if you’re working a 12-hour shift from home.
You may be a one-man or one-woman show, spending your days alone staring at a screen while trying to fend off the next cyber-attack.
Risk Registers & Matrices
Risk registers and matrices are a method of identifying, evaluating, and controlling risks associated with security vulnerabilities for a project or business.
For many people, risk registers and matrices are a topic that makes their eyes glaze over.
Because let’s face it, developing risk registers and matrices is not exactly exciting work.
But if you want to keep your organization safe, they’re essential.
Documenting Every Detail
Cyber security is a document-heavy process.
You’re required to follow the proper plans, policies, and procedures to have an effective cyber security program.
To be effective, you have to make sure that everything you’re doing is documented in the right way so that others can see how things were done.
It’s the foundation to build a good cyber strategy upon, and it’s the road map that your team uses to get where they need to go.
It may be extremely exhausting, but you can’t have a good cyber security program without filling out paperwork and documenting everything in excruciating detail.
Vulnerability Scanning Really Makes Cyber Security Tedious
Vulnerability scans can take hours.
And they don’t really do anything except tell you what’s already obvious: “Hey, you should patch this thing.”
And here’s the thing: You probably already know what systems and applications need to be patched.
But somehow, you find yourself sitting in front of your computer, staring at a list of vulnerable systems and thinking, “You know what? I should probably patch these things.”
The catch is, it’s not your responsibility to apply the security patches.
It happens again the next day when you’re told about some other system that needs to be patched.
And then again next week when someone else tells you about yet another thing that needs to be patched.
It keeps happening every day until one day… poof!
Your organization is breached because someone exploited a system on your network that needed a patch.
What worse is that sometimes no one knows who owns the system or is even responsible for updating it!
Budget Forecasting & Tracking
Luckily this is only a senior level problem.
Forecasting and tracking your security budget, in addition to all your other work, can seem like a waste of time.
But here’s the thing: if you don’t take the time to do it, you’re leaving yourself open for some serious financial consequences.
If you don’t have a plan for how much money you’re going to spend on cyber security and where that money comes from, then what happens when a new threat emerges?
Do you scramble around trying to find funding just as hackers are breaking through your defenses and stealing data?
Or do you wait until it’s too late and then scramble around trying to figure out how to fix things?
Cyber Security Is Boring If You’re Proposal Writing
As you gain more experience, management will ask you to start writing proposals.
They’re the first step in the procurement process and usually necessary when offering new services to a client.
They also help protect your organization from making costly mistakes down the line.
Which is why it’s so important to do them right!
If you’re preparing a request for information (RFI), request for proposal (RFP), or request for quotation (RFQ), the process can be tedious, time-consuming, and downright boring.
This is especially true if you are unfamiliar with the subject matter, unsure of what information to include.
It’ll take practice learning to organize your thoughts while making the most compelling case for your business.
Vendor Risk Questionnaires
Another management-related problem is the vendor risk questionnaire.
Your standard vendor risk questionnaire is a long and complicated document that asks all kinds of questions about a vendor’s financial situation and operations.
It’s a pain to fill out, and no one wants to do it, but the reality is that these questionnaires are necessary to understand potential security risks in doing business with a new vendor.
If you’ve ever filled out a vendor risk questionnaire before, you probably know the drill.
Expect to fill in the blanks, and answer questions like “Do you have any employees who have been convicted of fraud?” or “How many people work for your company, and are they all legally authorized to work in the United States?”
Is cyber security boring? Not everything in cyber security is this dull, but as you can see, there are several aspects of the industry that can definitely be boring.
However, if you’re able to overcome some of these hurdles, then cyber is still a very good career option for you.