Security Folks out there....

Cyberscum

Does anyone else in the security field feel like a glorified lawyer?

I have been in the security field for some time and it feels like the longer I am in the field and the higher I go up the more IT stuff I forget, don't touch or have no use for. I basically ONLY deal with laws, reg, policies etc at this point in my career. I kinda feel like I am not even part of IT anymore as I am more of a manager role.

I am not complaining by any means, I love my job. It just feels weird, I feel like a lawyer more than an IT guy nowadays.

Is this pretty much the norm for your IT security jobs out there, or am I just in a policy driven place?

docrice

Sounds like you're more on the policy and compliance side of things. Very important stuff, but generally a different workday compared to the technical trenches.

Gorby

GRC has many policy based roles where you can be far removed from touching technology and focus more on policy. My job is one of those where I mainly do C&A related work.

Cyberscum

docrice wrote: »

Sounds like you're more on the policy and compliance side of things. Very important stuff, but generally a different workday compared to the technical trenches.

I have done both tech and compliance roles. I cant really say I like one or the other more. I do miss being aroung the "guys" a bit, but I do love making a direct impact on the company in my current GRC role.

Cyberscum

@ Gorby,

C&A is very interesting stuff, especially when you deal with multiple classifications. What framework(s) does your company follow?

cyberguypr

You are in a policy driven role, that's it. Does it bother you to the point where you may consider looking for a hybrid GRC/technical position? I know I would hate either a 100% GRC role or a manager role.

Cyberscum

@Cyberguypr

I actually enjoy it for now because I love to learn new things. I actually find it infatuating learning about all of the different and very complex laws. It tapped into the part of my brain that loves the tech stuff.