I'm going to assume that "cyber security" in the context of a bank means that they offered you the opportunity to join their pentesting team. If that is not the case, most of this post is probably irrelevant.
(I started writing this post before OP clarified).
TL;DR: Being a pentester is very hard and very rewarding. Do it if you are a hacker at heart, and if enterprise dev will be too monotonous for you. Don't do it if you're looking for a slower pace, easy going job, or don't have the will/drive.
This is the same choice I had to make a few years ago. Only in my case the pentesting position came with a considerable pay cut, because I would be joining a team with a very different skill set (that I didn't have). That is the first point that I would like to make: dev != pentesting. You may be working with
some of the same primitives, but your approach and mindset is
completely different. Just about the only dev you'll do is quick, ad-hoc scripts/tools to help you in your pwnage.
It looked to me like it would be a win in the long run: I would come out a couple of years later either as a skilled infosec professional (if I loved it), or go back to dev with specialised infosec knowledge and experience. Point number 2: Infosec is not a niche industry. It's very rapidly increasing in both importance and size. Just search for some infosec spending statistics.
I went for it, because at the time I had few commitments and dependants that would be affected by the pay cut (i.e. I was young and single
). So the risk for me was pretty low. [Side note: at the end of the day infosec is all about risk]
As I mentioned before, it was a whole different ball game. The amount of stuff to learn (theory, methodologies, processes, tools, ...) is
immense. On top of that, you
need to stay up-to-date with the news; as a pentester it is expected of you to know about the latest attacks and vulnerabilities out there. You have to be a sysadmin to know what mistakes sysadmins make. The same goes for devs, network admins, devops, ... You have to know it all. And in an evil way.
Even with all of that, it was incredibly fun! The rush of popping a shell on a target machine, or getting onto a box deep in a network, is something I've not experienced in development. The lows are pretty much report writing, and realising how screwed our society is with its reliance on ICT.
I'm now back in a kick-ass dev job, although still in the infosec space (trying to ease the above mentioned reporting). The primary reason for my return is probably that I never was quite good enough, and after a while I wanted to go back to building rather than breaking. Basically, I've come to realise that I am a dev. I do not regret my time as a pentester at all, since I believe I'm way better off for it.
This was at a great local pentesting company (there are a few), so I don't know how the experience would translate to a banking environment, other than some anecdotes from my pentesting colleagues that came from the banking and accounting industries: it's less exciting at the banks since you're mostly working on the same handful of systems (not a completely different client and/or industry every other week), but the pressure is also less.
What is clearer is that infosec is a whole lot more fun than enterprise software development in the financial/banking sector... and that is probably where your career will stay if you stay a Java dev. If you're happy with that, stick to it.
Salary-wise I think pentesters are similar to devs, although the scarcity of senior pentesters should push up the upper edge of their salaries considerably. I can't back that up, though.
Sign up with Google
, that actually sounds exciting.
for SharePoint or C# as an example but honestly where do you know Cyber Security being done as mentioned in my last post except for banks and the 1 company in JHB/PTA?
