Original post from /r/cybersecurity by /u/Maikkeyy on 2023-07-06 22:19:30+00:00.


Hello fellow security enthusiasts!

I am a software engineering graduate (27y) with a specialization in cybersecurity. Currently, I have been working for approximately 5 years at an ethical hacking company, focusing on web application penetration testing. In those years I have developed internal tooling (which I enjoyed) and performed white-box web app penetration tests.

Working in this role has provided me with extensive knowledge and the satisfaction of understanding the inner workings of systems and techniques to bypass them. However, after gaining a significant amount of experience, the excitement has faded. The recent increase in work pressure has made it feel like I am working on an assembly line, rushing through a protocol of test items for each web application.

Initially, every item in the protocol represented a new attack, and learning about them was enjoyable. Now, even if I discover a Remote Code Execution (RCE) vulnerability, the thrill is short-lived. Most of what I learn in the application security field feels like a variation of what I already know. While there will always be new types of attacks and exploits, they often lead to the same end goal: achieving RCE.

Lately, I find myself constantly checking the clock, struggling to stay motivated. My productivity has declined, and my job satisfaction and overall mood have been greatly affected. Interestingly, whenever I receive a side task that involves programming, time flies by. The process of coding and seeing the results of my work gives me a sense of fulfillment. I believe this feeling speaks volumes.

Since the outbreak of the coronavirus, my perspective on work has changed significantly. Additionally, I have moved out of my parents’ house and am living on my own. I have realized that I am saving less money and have less free time, and a major portion of my life revolves around work. Therefore, it is crucial for work to be enjoyable.

For at least 1.5 years, I have found myself completely lost, lacking a clear future perspective on what I want to pursue. I am uncertain about my career path and even questioning whether I want to remain in the IT field. Sometimes, working in IT can feel soulless. However, considering a switch to software engineering seems like a considerable risk that may be worth exploring.

Don’t get me wrong, I still have a strong interest in the cybersecurity field, especially when it comes to low-level activities such as malware analysis, reverse engineering, and exploit development. However, I don’t believe network pentesting would be of great interest to me, as it often involves advising clients to improve their configurations or update software. And in my experience, you’re often not allowed to exploit things, only to scan them. Therefore, red teaming could be another option worth considering, while blue team roles are not particularly appealing to me.

Are there others who can relate to these feelings? Have any of you made a transition from cybersecurity to software engineering? However, I do have concerns about working as a programmer in a corporate environment where decisions are made by others and bureaucratic processes may be prevalent. I am also afraid that software development may eventually become monotonous.

Nevertheless, it might be worth giving it a try. It feels like I am going through a quarter-life crisis, and it’s quite an unpleasant feeling!