this post was submitted on 19 Jun 2024
271 points (97.9% liked)
Technology
59374 readers
7033 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
And ~100% of cybersecurity pros work ad hoc 100% of the time...
They probably put in 2-10 hours of actual work in a given week. Just like any desk job that doesn't sit on zoom calls all day.
Edit: 100% of people downvoting this should first Google "ad hoc." Or are just envious that I have a cybersec job making good money doing nothing all day. Sucks to suck. π€·ββοΈ
Kinda how ~100% of IT salaried positions work. If you're confused, you're probably hourly.
If you're paying someone to always be on call then they are always working. Just because you don't always need them doesn't mean they aren't working. You're paying for their availability.
He clearly was typing on his phone and his message was obvious.
I agree with this but I think point is that yes they are on call all the time but in exchange they get a lot of down time to live their lives.
Not sure it is fair I don't work like that and I don't think I can.
Nurse model seems to make more sense where there is on call list and you get paid for that time.
IMO sitting at my desk, watching logs or waiting for something to come in isn't living my life. I can't do my hobbies, I can't play video games, drink a beer, watch a movie, hang out with my friends, etc. Browsing lemmy or youtube isn't exactly living my life. As long as I'm at that desk, I'm working.
All fair points and agree... If I am on the clock, I am working. Work flow is management issue
That could work, if you had a large pool of these people to put on the on call list. Most companies do not. And only having every other weekend off is not living.
Sounds like a management issue IMHO
Maybe people should organize and deny these leaders cheap labour?
100% but in general there are too few people that possess the skills for this work. So they are hard to find and expensive.
Sounds like the sort of challenging market conditions executives get paid big money to solve...
I know god forbid these people have to do any work lol
True.. very true
Since we're telling people to Google things, try "anecdotal fallacy" and let us know if it helps you to understand the source of the downvotes.
The OP is about survey data that directly contradicts your position. It's fantastic that you've found a position where you have work/life balance that works so well for you, but it simply doesn't match the experience of many commenting in this thread or those who were surveyed.
Be as obstinate as you like, it won't change the lived experiences of others in the industry.
If your cybersecurity and/or SecOps team isnβt working 40 hrs a week, youβre either WAY over staffed or youβre missing out on a lot of proactive security work. Ours has a massive backlog of tickets and is working proactively on protecting and preventing incursions and security incidents.
Lol he's got 5 people for 700 users. Way overstaffed. Or well-staffed at a minimum.
700 users is a business group in my world.
No, SOAR tools make life pretty easy. 5 person SOC team + boss, 700 person org. Not overstaffed.
I get a few alerts every few hours. Investigate, determine if false positive, and go back to gaming. Unless it's the off chance it's not a false positive. Then I do an hour of work or so. Then back to gaming.
No alert development, threat hunting, or ML research? No upskilling of any kind? Must be nice to work at a company with no impact to the world when it gets popped.
You are one of these people that also thinks the utility companies sit on their ass while they are not performing a break-fix aren't you?
If anything security means ploughing through logs, checking up on monitoring alerts. And most importantly constant lobbying with the devs and deployment projects to actually take security serious.. yes we know it is easier to deploy without ssl, single sign on, firewall, monitoring suite and not using our template but your own custom OS install etc.. but this means everything is fucked if something happens and noone will be able to tell why. And No you cannot just deploy the database cluster in the DMZ so that it is easier to access.
You are the one that said these people do 2-10 hours of work a week and I tried to tell you that there is so much more to the domain of security.
So you kinda told us a lot about yourself with your denigrating remark.