What is it like... Cybersecurity, Software Development and Software Engineering.

[Sherri is a Cat]

I've hesitated mentioning this to anyone either here or in the 'real world'. It would be a huge change for me and a challenge, but one that I think I would enjoy. But before making a commitment I would like to know what it's like from people who actually do these things.

Some of you know that after having cancer and a few other life changing events I'm starting my life over. It would be a very long time before going back into business again as a landscape designer. I love it and I can't believe people pay me for it. It's just not possible right now and I won't work for someone else. My ideas are worth money.

After getting over my fear of them, I've always enjoyed computers. I love knowing how things work, how to make them do what I want them to do, getting around obstacles, building them, fixing them. People have encouraged me to pursue IT but I never took them seriously. Recently I met and became friends with someone who works in cybersecurity. When he said I would be good in IT, then I took it seriously.

I have an apprenticeship opportunity in the IT field with a local college. After 12 weeks, I can take the CompTIA test. I took an aptitude test and scored highest in cybersecurity, followed software engineering then software development. I've read up on what these jobs are about. I talked to someone who went through the program and knows the professor. He thinks I would be a good fit. I was given the professors email address and phone number. I just sent a message asking for more information.

I lost a lot after a divorce, a sudden move and then cancer. This apprenticeship could potentially change my life, help me get it back on track. I think I'm going to go for it. Before I make a commitment, I would like to know from people who actually work in these fields what it is like. What is good, bad, what do you like about it, what do you not like. It's one thing to read an article. It's another to hear from people in the trenches.

If you work in one of these fields I would really like to hear from you.

Thank you

 

[dos2unix]

It's good you have an apprenticeship opportunity. That gives you a chance to get your feet wet.

I'm on the system admin, network admin side of things. I do some devOps, mostly kickstart and ansible automation.
I'm technically on a software dev team, but I'm really the only person who isn't a software dev.

In the old days, you could be a jack of all trades, like a general practitioner family doctor. Now you have to specialize
in 2 or 3 fields, it's impossible to know everything about everything.

I've been doing this almost 35 years now. On AIX and Solaris before Linux. You never know it all.
There's always new technologies coming down the pipe every year or two. There's always researching, that's a big
part of the job. It's a lifestyle, typically you are on-call in a rotating shift. You're the guy who has to fix something at 2am.
You say you're divorced, but I have a pretty understanding wife, she knows how the bills get paid.

I worked in a data center for a long time. You can be a lone-wolf there, and it can be lonesome sometimes. If you like being alone it's not a bad gig. If you're on a product development team, then there is a lot of interaction, sometimes a lot of politics.
There's a software dev team, the cloud operations team, the network team, the design review board, the security team, and it gets to be a game of give and take.

This gets into distro specifics a little, but I recommend going with a fedora/redhat distro to get up to speed.
In over 30 years of doing this for the a few hospitals, the largest banks, the military, and the largest mobile telecoms, they all go with Redhat based Linux systems. There aren't really any debian based Linux's that are NSA approved currently. Ubuntu and Mint may be popular on the desktop, but Redhat owns the datacenter. It has about 70% marketshare. More than all other distro's put together. That's not to say some public industries aren't debian based. I'm sure you can find some.

But find a specific discipline and learn it. Really learn it inside out. Be the goto guy for something. Whatever your aptitude is...
bash scripting, network configuration, security, whatever....

For security, get familiar with openscap, lynis, CVE websites, The Vulners database, and the Mitre attacks web site.
There are others, but those are a good place to start.

I like what I do, but I will likely retire in the next two years. It's a nice feeling when you were able to save the business
one more time. You get to be a super-hero and a nerd at the same time. Kind of like Clark Kent.

That reminds me, I will be on a cruise from the 10th to 18th of this month. No internet, so you won't see me for a about a week or so.

Looking back, I did too many contracting gigs. I wish I would have found a permanent position earlier. I haven't gotten my RHCSA updated since Redhat 7, but since I've stayed with one company, they aren't requiring I keep it up to date. My Cisco CCNP is also about 12 years out of date.

 

[APTI]

I don't ever put much into tests and certifications. I have seen people with alphabet soup after their name with all the certs but literally could not plug a modem into a computer. My advice is to not worry about testing and certs unless required for the specific job. So many people making money off giving you a piece of paper that say what you already know, that you can do the job. Reputation is the big one for my money.
What I am trying to say is don't worry about paper. don't worry about tests and certs, worry about actually knowing what you are doing.
I have this in fire dept also. The guy with the nice clean new gear is the one that uses it the least and knows the least. We look for the guy in dirty beat up gear because he knows what he is doing. Be that guy in the dirty gear. Let others polish their stuff and look good, you can actually be good. So find somebody good that is willing to teach.

 

[Sherri is a Cat]

This gets into distro specifics a little, but I recommend going with a fedora/redhat distro to get up to speed.

I have the iso files for Fedora KDE. I'll install it in a vm tonight.

I just installed Zorin. I'm not sure I like it. I know it's in a vm, but it compared to LMDE in a VM it is VERY slow. The Zorin vm has more memory too.

I think I'll look into dual booting for Fedora. If I'm going to learn it I want all the resources I have available.

But find a specific discipline and learn it. Really learn it inside out. Be the goto guy for something. Whatever your aptitude is...

Cybersecurity is really appealing. I want to know how things work. I would think that's why I scored highest in that field. I used to take things apart to find out how they worked, so that makes sense to me I guess.

For security, get familiar with openscap, lynis, CVE websites, The Vulners database, and the Mitre attacks web site.

Thank you!

 

[Sherri is a Cat]

I don't ever put much into tests and certifications. I have seen people with alphabet soup after their name with all the certs but literally could not plug a modem into a computer. My advice is to not worry about testing and certs unless required for the specific job. So many people making money off giving you a piece of paper that say what you already know, that you can do the job. Reputation is the big one for my money.
What I am trying to say is don't worry about paper. don't worry about tests and certs, worry about actually knowing what you are doing.
I have this in fire dept also. The guy with the nice clean new gear is the one that uses it the least and knows the least. We look for the guy in dirty beat up gear because he knows what he is doing. Be that guy in the dirty gear. Let others polish their stuff and look good, you can actually be good. So find somebody good that is willing to teach.

As a landscape designer my education was 'backward' so to speak. I got a lot of real world experience before going back to school to study landscape architecture. The most important thing I learned is that there is academic education and then there is real world education. I'm glad I got a real world education first. I learned how to think outside of the box, I'm not limited by my 'education.'

A really good example of what I mean is retaining walls. I was taught a lot of ways to make a retaining wall in my construction classes. I could give you a real world, failing example of each one and tell you exactly why it didn't work. I can also point to the walls I built 10 or more years ago still standing exactly as they did the day I installed them. None of them were built the way I was taught to do them in school. One of those retaining was is living wall of plants. The last time I saw it was about 15 years after I installed that design. Everyone up and down the street and her husband told my client it would fall. They all ate their words!

 

[Sherri is a Cat]

@dos2unix

As I write this I can see you're still on the forum, haven't gone on vacation yet.
Which Fedora distribution would you recommend?

 

[theLegionWithin]

"IT" is an incredibly broad field - I'm on the support side of things (I enjoy fixing problems and talking to people), not the dev or netsec/infosec side of things, but I can tell you that while certificates are useful, and they'll let you get your "foot in the door", that's all they'll do. you need 3 to 5 years of real-world experience before you're eligible to start making decent money.

I'd say go for the apprenticeship - and soak up as much procedure as you can. in any field there's right and wrong ways to do things - if you're starting fresh, you dont know the wrong ways yet, hopefully make sure you have the mentality to always want to learn more - in IT, the game is dynamic. few things are static.

good luck!

 

[Mike-BTU]

Maybe this will be of some use.

What's the difference between Fedora and Red Hat Enterprise Linux

Both are operating system technologies, but Fedora is built by an open source community while Red Hat Enterprise Linux is developed by Red Hat with the explicit intent of being used as an enterprise IT platform.

www.redhat.com

 

[Sherri is a Cat]

Maybe this will be of some use.

What's the difference between Fedora and Red Hat Enterprise Linux

Both are operating system technologies, but Fedora is built by an open source community while Red Hat Enterprise Linux is developed by Red Hat with the explicit intent of being used as an enterprise IT platform.

www.redhat.com

LOL!!!

I already read that!

 

[Sherri is a Cat]

make sure you have the mentality to always want to learn more

This is me to a 'T'. I'm never satisfied!

 

[dos2unix]

If you have good internet connection, you can use the Server - netinstall iso.
If your internet isn't so great, you can use the Server - dvd.iso.
It doesn't really matter too much.

If you're used to installing Live/Desktop versions, the server versions are a little more difficult.
But they are more flexible about what packages you can install. Typically servers in datacenters are
command line only. Usually (but not always) they don't have a monitor, keyboard and mouse attached.
99% of the time you ssh in to the command line.

The server iso's usually will let you install Gnome, but normally you won't want it.

It doesn't have to be fedora, it can be Ultramarine, Nobara, NST, centOS, OracleLinux, RockyLinux, AlmaLinux,
or Redhat, they are all pretty much the same. Nobara is geared more towards gaming. NST is more of a hacker
release like Kali. Oracle and Alma are based on Redhat. Rocky is really the only one that claims to be a 100%
copy of Redhat.

The main differences between fedora based distro and debian based distro's are the packages and package manager.
rpm and dnf, instead of deb and apt. But if you can use apt, you can pretty much use dnf.

Debian based distro tend to use a firewall called ufw. Fedora based distro's use firewall-cmd.

Debian based distro's use a policy manager called appArmor. Fedora based distro's use SElinux.

Debian based distro's tend to want users to use sudo. Fedora based distro's typically want you to do things as root.
(but you can use sudo if you want to)

Other than those things, they are all really very similar.

 

[Sherri is a Cat]

Other than those things, they are all really very similar.

Well this is good!

I was just telling someone that I'm staring to put 'words' together on my own to put into the terminal. I'm starting to understand this stuff!

 

[Mike-BTU]

... Typically servers in datacenters are command line only.

The bare metal RHEL LAMP server I leased had cPanel. How common is that?

 

[dos2unix]

I leased had cPanel. How common is that?

Was it through a browser, or through a desktop GUI?
Fedora based systems have something called "cockpit". It's not really the same thing as cPanel, but it is a web interface
to manage system administration. I wasn't really counting remote browser as a GUI. Typically a GUI means Xwindows
on a local computer.

 

[Mike-BTU]

Was it through a browser, or through a desktop GUI?

A browser.

 

[KGIII]

The bare metal RHEL LAMP server I leased had cPanel. How common is that?

I've been involved at both ends of this...

That's common in the commercial server space, though they are charging you for the license for that (even if they're saying it's free - it's just not enumarted on the bill). In the 'rent-a-server' arena, that's pretty common because most rented servers are for public facing websites. In that arena, cPanel pretty much rules the roost.

However, in a business where they're not doing a bunch of websites, they're not concerned with easily maintaining hosting accounts. They also have hundreds of servers, as compared to your one server. They might have something like Wemin installed, as that's rather popular. They claim a million installs per year.

 

[gvisoc]

I've been working over the last 20 years in various roles around Software Engineering. I started developing, from fixing issues and running manual tests to the whole lifecycle of developing something, then I moved towards a more design-focused role (software architect), where I've been sitting for the most part. In the meantime I have been in more abstract roles like Enterprise Architect and I've also played with lots of integration tools in the later 2000s

Now I run a team of software architects but we (counting me as well) still develop smaller solution prototypes we hand over to the engineering teams. My team and I still consider me a decent engineer other than architect.

• What is good: if you like computers and computers like you back, it can be a very comfortable career with plenty of work opportunities.
• What is bad: there's a lot of toxic codebro culture. I've eyerolled so much that now I am able to see through the back of my head.
• What I like: the variety of problems to solve and those companies / projects that forced me to stay creative
• What I don't like: when in a project the calendar is so much more important than the quality or anything else, which is very often, you end up sitting on a pile of steaming technical debt. It can be very frustrating and the resulting software can be very stressful to work with.

 

[Gloster]

If you work in one of these fields I would really like to hear from you.

Avionic is a very interesting field, please refer to DO168C, the respective reference.
But you must have in mind, one line to program, it is possible to have to write 100 hundred lines for documentation.
There are so named level A-E, I only does know something about level A-D, E was not supported by the company, where I did work. Level A stands e.g. for primary flight control.

The standard language, "c", real time embedded systems.
But also very interesting "Vector control, also known as field-oriented control" to control the respective actuators for primary flight controls.
If you are interested in every programmed line will be (have to be) also documented by you, Avionic will be your field.

 

[MikeWalsh]

Debian based distro's tend to want users to use sudo. Fedora based distro's typically want you to do things as root.
(but you can use sudo if you want to)

@dos2unix :-

Heh. In-ter-esting...

For years I've been under the impression that we in Puppyland were the ONLY ones in the entire Linux eco-system who were daft enough to "run as root"..!

I see I don't know as much as I thought I did.

Good post, my friend. Most informative. Cheers.

What I am trying to say is don't worry about paper. don't worry about tests and certs, worry about actually knowing what you are doing.

Whilst I agree with this wholeheartedly, the sad reality is that the paper-pushers control things to such a degree nowadays that unless & until you first produce a piece of paper declaring that you know what you're doing, you will never otherwise be given even the chance to demonstrate your skills for real.

The abstract controls the reality, I'm afraid. When it boils down to it, it's all about covering one's own a**, plausible deniability & the "blame game" (the ability to "pass the buck" for anything that goes wrong onto someone else.....at every possible opportunity).

It's just the way of the modern world, y'know?


Mike.

 

[Gloster]

Heh. In-ter-esting...

For years I've been under the impression that we in Puppyland were the ONLY ones in the entire Linux eco-system who were daft enough to "run as root"..!

I see I don't know as much as I thought I did.

Good post, my friend. Most informative. Cheers.

On top SW engineering !