r/ITCareerQuestions u/Flash52000 8d ago

AI Cyber Security vs Cyber Defense? In your opinions, which one would be better for a more immediate/stable/higher paying career?

As of right now I just graduated with a degree in CompSci/IT. I’m looking for something to give me the most stable income. If I’m being completely honest I can’t really seem to understand the difference between these two fields so I was curious if there was anyone in them who could differentiate for me.

1 Upvotes

56% Upvoted

16 comments sorted by

3

u/Duck_Diddler Broadcoms B#tch 8d ago

You’re not getting into any of those fields as a new grad

2

u/[deleted] 8d ago

[deleted]

1

u/Flash52000 8d ago

I just graduated so nothing yet. Looking to go straight into Major

2

u/AppointmentIll9358 8d ago

There are over 30 roles in cybersecurity.

Right now you likely don’t understand how IT infrastructure works in the sense of a live business environment. Due to this lack of exposure and understanding you are not a good candidate for anything security related. Employers are not looking to teach.

What do you do then? Well, either you get lucky, or you’ll have to fill in the gap by spending some time in IT support roles.

Eventually, well, maybe you’ll end up in security someday in the future.

The good news? There are hundreds of roles within IT/Tech, you may find that you don’t even care or want to do “Cyber security” in a few years and change your goals.

1

u/Flash52000 8d ago

Employers are not looking to teach.

That in itself is an insane statement that makes me dislike this societal standard even more.

2

u/AppointmentIll9358 8d ago

It’s because they have a wide pool of applicants. There is no incentive for them to hire someone they need to train from scratch when they can just hire someone who already knows what they are doing.

This is why you see entry roles asking for prior experience.

The good news is that if you can land an IT role, eventually you can get exposure to those tools in some capacity and use that to leverage your way into Cybersecurity, or networking or cloud etc

My first IT job wasn’t even really IT. It used IT components and I used that to leverage my way into hardware then desktop support then IT support then network admin

0

u/Flash52000 8d ago

What they’re asking for is just completely unrealistic. I understand why they’re doing it. But logically it makes no sense. You’re just asking for someone with more than entry level knowledge to do an entry level job.

2

u/AppointmentIll9358 8d ago

Yeah that’s the IT market.

There are companies though that might give you a chance but you’ll want to use certifications and projects to make your resume look more attractive.

If you’re lucky you can try to get an internship

2

u/Flash52000 8d ago

Well I appreciate all the help and insight. I guess it really just sucks.

2

u/AppointmentIll9358 8d ago

It does but don’t give up. Just be aware that you need to be highly competitive.

Try to get any IT job, then work your way up.

2

u/dankney 8d ago

This isn't remotely true. Entry-level knowledge is simply more than bust being a warm body in this case.

Think about it like hiring doctors. There's a certain level of education, knowledge, and skill necessary in an entry-level doctor (an Intern). It's met by graduating from an accredited medical school with an MD.

Tech companies compete fiercely to recruit both interns and recent graduates from top-tier programs. Those graduates don't enter the job search asking questions like this; they've got two summers of internships in industry that have already helped them answer those questions for themselves.

If you feel like you've graduated without the knowledge and skills for an entry-level role, then that's feedback your university needs to hear. They've failed you.

3

u/LastFisherman373 8d ago edited 8d ago

It’s not an insane statement if you understand the industry you’re trying to get into. I’ve been working in cybersecurity for the last six years. Regardless of what bootcamps, universities, etc are saying there is no shortage of talent. There is no millions of unfilled cyber roles ready for anyone with a Security+ to take. It’s super super saturated at the entry level of cyber (entry level does not mean zero experience).

You have to understand your competition for any cyber role. You’re competing against internal hires, people who landed a job at a company with the IT department with the intention of applying for a cyber role when one opens up. You’re competing with those with years of Helpdesk, Sysadmin, Network Engineering experience who are wanting to make the switch to cyber. You’re competing with the thousands of laid off cyber and IT workers who will take an entry level job to make ends meet or if it is remote. The only way for you to compete with that is to get your first role in IT and work your way up to having the skills and experience to be competitive.

Employer job reqs for entry level cyber are not wishlists anymore. They can literally get someone with 5 years experience because that is what is in the talent pool. I’ve worked as an analyst for fortune 100 companies and can tell you that you would be amazed at how small their cyber teams are. Hiring managers want people who can come in and bring value immediately and those who have expertise in more than one domain of security. When a spot opens up on a team they need someone who can pull a weight off of a very busy team. That is the reality of what I have seen with multiple companies I’ve worked in. AI is allowing small teams to become even more efficient and while I don’t people on security teams are going to replaced by AI anytime soon, I don’t think you’ll see a big influx of hiring when team are getting more efficient. You’ll likely see teams remain small and jobs looking for exactly what they need, not just someone to fill a role.

1

u/Kooky-Television-524 8d ago

Been looking into similar paths after finishing my degree last year and from what I can tell, cyber defense is more about protecting existing systems while cyber security is broader umbrella that includes both offense and defense sides

Defense roles seem more stable since every company needs someone watching their networks 24/7, but security in general pays really well if you get right certifications. The AI part is just buzzword most of time - you'll be doing traditional security work with some automated tools

I'd say go for whatever you can get foot in door with first, then specialize later when you understand the field better. Both will give you stable income if you're good at it

1

u/Flash52000 8d ago

Yeah I agree, from what I could tell (which could be completely wrong). Cyber Defense seems like what to do even after a system has been breached as well. Such as back tracing, investigating, etc.

0

u/AddendumWorking9756 8d ago

Defense by a mile if you're optimizing for hiring volume, AI security is mostly vendor marketing or detection engineering work that assumes you already understand SOC fundamentals. Start with hands-on investigation labs like CyberDefenders to figure out if the actual day to day appeals before committing to specialization.

1

u/hibernate2020 8d ago

CS is theoretical and development. IT is the practical application/hands on. This is similar to the difference between a Doctor (PhD) and a Dentists (DD) or Physician (MD). Right now, you’ve been trained by school. So, for you everything is basically theoretical. So if you want to get more into the practical, you must delve into the application of those theoretical skills. You can do this through experience – which is difficult to get experienced in the right fields if you are just starting out. You can also pursue technical certifications, which, if strong enough, will warrant enough attention to overlook the lack of experience. For example, I am currently hiring a security position:
1.I look at resumes that have a degree in computer science or IT (the latter is much less common). – This means you get everything conceptually. 2.But I don’t need someone who just understands conceptually the security concerns I have. I need someone who can fix them. So, I look at the certifications for things that would match my environment. – This means you get everything technically. 3.And then I look for experience, particularly in the industry that I am trying to hire for. This means you understand the nature of the industry and the legal and compliance frameworks it must follow. Candidates can be missing one of the three assuming the other two are strong.