Question about the different roles in security
cloud802
Member Posts: 19 ■□□□□□□□□□
I'm researching different roles in IT Security and wanted to know from some members on TE what roles in security do you have and what responsibilities. I did research myself but I would like to get more information on the roles other than just the titles. I'm trying to plan a a way to break out of my IT Auditor role as I don't feel it's something I want to stick with long term. I'm still interested IT Security and don't mind occasional paperwork, but I wouldn't mind doing more technical work in my future role as well.
Comments
-
--chris-- Member Posts: 1,518 ■■■■■□□□□□Your in an auditor role now?
I would like to hear how you get into that line of work I am aiming for more of the administrative/policy minded work in the long run, so this interests me. -
cloud802 Member Posts: 19 ■□□□□□□□□□Hey Chris, yes I'm an information security auditor working with external clients for the most part.
I got into this role after working as a jr systems administrator, I applied to my current position by looking for security companies in my area and applying directly on their website. It ended up working good because the company was seeking a someone with systems and network experience that would be able to understand some of the technical control families in the interviews with client sites for a security assessment and authorization. I guess it also didn't hurt that since it was my first security role, it would be better for the company to train me than have to find an experienced candidate for a higher salary.
A basic overview of my job is categorizing a client information system's risk based on FIPS 199 and using NIST 800-53 as guidance when conducting site interviews on their policy and procedures. Depending of the scope of the SA&A I may do vulnerability scanning on a client network as well to report vulnerabilities.
It's a good role in itself and if you enjoy administrative and policy writing you would like an auditor type of position. But for me, I discovered that I like the more technical side of IT security, not necessarily a pen tester but not 95% writing and meetings either. -
Vask3n Member Posts: 517Currently working as a security analyst. I like the current workflow because I get to do a bit of network engineering and a bit of software development at the same time. The SIEM that we use for log monitoring and network activity is actually built in-house so I get to write some custom IPS signatures and rules by using raw logs as reference. In addition to that, lot's of security investigations in response to abuse complaints, planning deployments, and in general just staying on top of the industry by learning more and getting certs.Working on MS-ISA at Western Governor's University