What Are Common Misconceptions About What Information Security Involves?


From the outside, one could think information security only involves computers, but what are some things you think would be surprising to those aspiring in the field to know what information security also involves?

4 Replies

Hi @Christopher Clai ,

Oh, that's a tough one! (There are so many :lol:)

  • Security starts with the person behind the computer. Most systems are secured from external access and it's super hard to attack from the outside. Therefore attackers target the employees as it is easier to target a human being than a secured environment.
  • When I started in Security I was super excited to learn all the amazing things that hackers do to attack environments. When I found out that missing Security Updates and misconfigurations are some of the top reasons computers are being hacked, I was somehow disappointed.
  • Being on the blue team is harder than on the red team:
    • As a red teamer you only have to succeed once to attack an environment - as a blue teamer you need to succeed all the time to defend it.

Those are only some misconceptions, there are many more. But one additional word of advice to aspiring Cybersecurity Professionals:

  • Whatever career you pursue in Cybersecurity - don't let the amount of knowledge and the required skillset discourage you. You can learn everything if you invest in your knowledge (although it's sometimes discouraging). And even the smartest people don't know everything. :)

Miriam

@Christopher Clai That you have to be a programming superstar to be involved with security. I spend a large part of my consulting engagements talking to people about how their business operates and explaining options. Many security issues and solutions can be solved without writing a single line of code.

@Christopher Clai

Humans remain the biggest threat to Information Security. We cannot install anti-malware, firewalls, ... on humans; we can only train them. Even when we use policies and tools like AIP to protect data, we cannot protect what the user sees and reads.

Human error is the biggest concern for Information Security too.

We shouldn't forget about physical security, like the location of CCTV, people who have physical access to sensitive locations, printed documents and so on.

We need the right tools and technologies, but we also need policies and monitoring in place.

Information security is not only connected with computers. It is about the security of any type of information. I mean, we can speak about our personal data, or important documents of companies, businesses or governments. Even when we install a home security system, we are taking care of our security. By the way, the level of security can differ as well. For example, if you install some unreliable DIY system, you can't be sure you are totally protected. The information about your Wi-Fi password can be stolen and used to turn the system off. If you have a professional security system, for example the Ajax system, the situation differs.