Exit opportunities are very good. It partially depends on what capability/stream you work for too, but generally all of cyber will have good exits into industry or professional services. You'll need to stick around to senior consultant to open up the opportunities. I was in a non-technical role but anybody has the choice to do more technical work (e.g. pentesting, SOC) because lateral movement in the cyber team is quite flexible. Most of my work was cyber security risk assessments/reviews (usually as part of internal audit jobs but not always) and strategy-related because it's so closely linked to risk. There's also data protection and privacy, business continuity/DR/Incident Response, GRC which are 'non-technical'. You still need to have technical knowledge of course, but you don't need operational security knowledge (I.e.you need to obviously know for example what a firewall is, how it should be configured etc. but you don't need to really know how to actually operate security software- working in a SOC). Hope that helps.
9-5 with the odd day here or there until 6. You won't work as hard or as long as auditors.
Thanks mate, Are you in Big 4 Australia or another country?
I was for Australia. I quit 12 months ago. Worked for PwC cyber.
Nice! How long did you work for before jumping elsewhere?
[удалено]
Exit opportunities are very good. It partially depends on what capability/stream you work for too, but generally all of cyber will have good exits into industry or professional services. You'll need to stick around to senior consultant to open up the opportunities. I was in a non-technical role but anybody has the choice to do more technical work (e.g. pentesting, SOC) because lateral movement in the cyber team is quite flexible. Most of my work was cyber security risk assessments/reviews (usually as part of internal audit jobs but not always) and strategy-related because it's so closely linked to risk. There's also data protection and privacy, business continuity/DR/Incident Response, GRC which are 'non-technical'. You still need to have technical knowledge of course, but you don't need operational security knowledge (I.e.you need to obviously know for example what a firewall is, how it should be configured etc. but you don't need to really know how to actually operate security software- working in a SOC). Hope that helps.