tanaypratap
commented
4 years ago Notes: Whether you like to believe it or not, what is shown in movies is not the actual work. It's not that fancy. Nobody actively attacks you. There are bots. And then there are devices on the other sides which fights these bots, called firewall or advanced levels of firewall. So, your job is mostly reduced to seeing the logs and alert. Most of this field is automated by Cisco and other big players. Therefore, even though the field has a lot of money, most money goes to these big companies.
Other part is that you have to do a lot of mugging up to pass certifications. These exams are extremely costly and needs almost zero creativity. And if you don't have a certification, your value will be zero.
Penetration Testers also mostly use tools, albeit advanced ones. And they have a playbook. Oh! we found this vulnerability, good, let me try to get escalated privileges with this. So, the creativity scope is quite limited.
Social engineering is some aspect but if you work for a company, which you will work for, that engineering will be left to sending phishing emails.
I am not saying that it's a boring field. I am saying that majority of the work is not as fancy as it seems from outside.
Your problem is that you're listening to fadia and I don't know who. These people are scamming Indian students by saying FBI contacted them or what not. Please read about them on reddit.
vijethx
Read this for my views.
I'll make a video on this as well. Subscribe to YouTube so that you don't miss it.