[develoopest]

I know someone working in Cyber Security, basically his job is to set a bunch of alerts for the client companies, all already predefined by a software, he basically sits, checks for new alerts from time to time and reports any issues, it does not require more than a 3 min investigation per alert or more work than to block the attacker IP in obvious cases.

I'm thinking of leaving my job and join the same company, it even pays decently.

[klipklop]

Literally this. For the most part this part of the industry is a fraud. They just run scanning tools and hand out pdf reports. Eventually some dev or ops team will say the reasons why they currently can’t comply and the cycle will start again in 6 months.

They literally do nothing and don’t even have to help integrate the security fixes. They just give reports. A sweet gig if you can get it. People rarely want to cut “security.”

[makemethrowaway]

Won't they be on the hook if there is a breach?

[lylejantzi3rd]

These companies carry Errors and Omissions insurance.

[Breza]

In my experience, infosec jobs are a mix of being bored (as you describe), doing meetings and documentation (e.g. Sales has a prospect that wants assurances that you take security seriously before signing a contract), and absolute blood curdling panic when there's an event.

If your infosec folks are always working 95%, they won't have time for the second two categories.

[makemethrowaway]

How to do the transition? Do we need some certs? Won't we be on the hook if there is a breach in the company?

[beastman82]

My medium size company has a dozen infosec engineers and this anecdote resonates so intensely.