Pros
You get to use different IT/Cyber tools that help really beef up your resume. They also pay for (most) certs, given the cost is within a reasonable amount. Coworkers are great, and the culture is great as well. If you complete a task outside your job description, the really go above and beyond to give you recognition, even if what you did was something very small. That being said, its easy to impress them. They also hear you out, and will fix/help you with whatever complaint you have. Met some great coworkers.
Cons
I left the company sometime last year, and while I won’t go into too much detail to protect my anonymity, I feel compelled to share my thoughts based on my experience. (Yes, I'll admit that I had this review saved on my computer for almost a year prior to posting.)
As many others have mentioned, the pay is significantly lower than industry standards. While I understand that the company offers opportunities for those with little to no experience to break into the cybersecurity field, it often feels like they take advantage of that fact. There’s a consistent narrative of "we gave you a chance to grow your cybersecurity skills" to justify the low compensation, which can come off as a bit manipulative.
Unfortunately, it’s hard to ignore the fact that entry-level part time roles (often described as "interns", i.e. their "Event Response Analyst role) are paid at rates comparable to minimum wage jobs, which is a major concern. Even once you move to full-time, the salary still falls far below what you'd expect for similar roles in the industry—by at least $15-20K. And the benefits are subpar. For example, my cousin working entry-level retail had better full-time benefits than I did in my full time role at CFQ.
In terms of job titles, the company often gives employees titles that sound more prestigious than the actual responsibilities they entail. For example, when transitioning from part-time to full-time in the SOC, you’re given the title of “Cybersecurity Analyst,” but the role itself mostly involves what you were already doing as a part timer; monitoring frivolous alerts and sending them off for clients to review (if they look bad). There’s minimal triaging or in-depth analysis, and the job duties are far from what you’d expect from a true Cybersecurity Analyst position. The full-time position includes an on-call rotation, but even that doesn’t significantly increase your responsibilities -rather it hinders the math when it comes to hours worked vs pay. When its your turn to be the on-call, they require you to always be no more than 15-20 mins away from your computer, so good luck trying not to leave the house when its your turn as the on-call. Granted, getting paged is a very rare occurrence, and if you miss it, the next person up the ladder gets the page, so its not a super big deal if you don't respond, but they will talk to you about it.
Another thing worth mentioning is how the company manages its online reputation. They seem to actively work to bury negative reviews, sometimes using loyal employees or management to post glowing reviews to counterbalance feedback like mine. I personally saw a review on a popular search engine (rhymes with 'shmoogle' *wink, wink*) that echoed many of my concerns, and it was "magically" removed despite receiving a lot of thumbs up.
The work is mainly remote, however, if you live close enough to their office, they might have you come in once in a while (there's a rotation). When I worked their, they mentioned reworking some contract to be able to make remote work for their SOC a permanent thing, i dont know if that ever got done. Either way, its wasn't fair forcing only certain people to come in when others didn't have to, even though those "others" lived close to the office too.
Despite the drawbacks, I did gain some valuable experience during my time at CFQ. I met some great people and was able to build my resume, which opened the door for my current position. However, if you choose to work here, I strongly recommend investing in certifications and continuing education to make sure you’re prepared for more challenging roles down the road. The work done in CFQ's SOC feels very surface-level compared to what you’ll encounter at other companies in the cybersecurity field.
In conclusion, while CFQ can be a decent starting point for gaining exposure to the field, it’s not the place to stay long-term if you’re looking for competitive pay, meaningful responsibilities, or solid benefits.