How has your role changed and do you like it?

E Double U

I was hired as an Info Sec Analyst to manage firewalls, VPN, IPS, email/web filters, etc. But a C-level exec wanted Info Sec to take over physical security so now we're overall bank security. Now I control building access, alarm panels, and the ip cameras. Pulling NVR/DVR footage after a bank incident may seem exciting, but a lot of time I'm watching paint dry trying to figure out when the reported incident occurred since people almost always provide the incorrect dates/times lol.

I find myself doing almost an equal amount of physical security these days which isn't too bad except when someone wants me to review several days of footage over a long holiday weekend to see who left a door unlocked. Looking at blueprints for a new branch design and where to place cameras/control panels/alarms is pretty neat.

I'm curious to hear how your roles have evolved and how you felt about the change.

P.S. I was working in the NOC calling out circuits for two years when I was asked to go to Mumbai to give a two week training to the help desk. Besides feeling overwhelmed by the responsibility, I was also excited about the opportunity to visit India because I love to travel. Good thing the 1st choice made too many demands like flying 1st class (next). 2nd choice didn't want to travel alone as a woman in India (understood). 3rd choice said he was allergic to curry (c'mon). Worked out for me.

gespenstern

I started with physical security and have done it for 7 years. Yeah, in the end I designed CCTV, access control, fire, alarm & burglary systems, license plate recognition and even centralized and/or hybrid uninterruptible power supply systems. It's often nice to work with your own hands, connect wires, use soldering iron, etc.

To get the idea, that was one of my ACS projects with ~2000 wire connections:

http://image-store.slidesharecdn.com/a0585586-0f73-11e3-bb94-22000a91e9a7-large.jpg

However, the pay is usually less than in infosec and this whole domain isn't that hard and after a while it becomes too boring to do that.

P.S. and that's too bad that you have to rewatch footage for incidents, that could be extremely boring. Usually it is done by security operators/NOC staff. And what's worse, you can't post it on youtube for fun if you find something funny.

E Double U

gespenstern wrote: »

P.S. and that's too bad that you have to rewatch footage for incidents, that could be extremely boring. Usually it is done by security operators/NOC staff. And what's worse, you can't post it on youtube for fun if you find something funny.

We have a small security team so we wear many hats.

I was actually excited about looking at footage because I thought it would be robberies. Besides one guy breaking in at night, most incidents have been fraudulent checks and transaction disputes lol.

tahjzhuan

Is compensation particularly good in the financial sector? In manufacturing and I can't complain, but finance seems like it would be more lucrative.

E Double U

tahjzhuan wrote: »

Is compensation particularly good in the financial sector? In manufacturing and I can't complain, but finance seems like it would be more lucrative.

We're a regional bank and I'm making $70k plus benefits (annual/Christmas/vacation bonus, 401K, medical/dental/vision coverage, working remotely, paid training, certification exams/books reimbursement).

Just passed the CISSP and if I pass the GCIH I plan on asking for a significant increase in 2016.

gespenstern

E Double U wrote: »

Besides one guy breaking in at night, most incidents have been fraudulent checks and transaction disputes lol.

During my electronic security tenure I watched car & pedestrian accidents, arson, multiple cases of stuff theft, fist fights etc. It wasn't that funny as one can guess based on what's seen in movies... Most cases were during nights with poor lighting, basically just barely distinguishable shadows, plus, most of the time footage didn't have enough FPS to be spectacular enough.

gespenstern

E Double U wrote: »

I'm making $70k plus benefits

That's what I'm talking about. For Cali it's barely enough to stay afloat especially if you have to pay rent or mortgage and I'm not talking about supporting family. And you are CISSP! Man, you are undermining this cert, ask for a better pay immediately!

N2IT

It's always changing I do nothing but project work.

Cyberscum

Hiring managers used a "bait & switch" to get me into a C&A role. I was hired for a Sr. Sys Adm job and the third week there they made me an ISSM and said "Oh yeah BTW the entire system needs to be accredited and is actually operating on an extension that expires in 1.5 months."

...."Being that I was now the ISSM I was responsible to accredited the system. Needless to say it was foul practice. I learned a lot and meet some great people so all in all it was a good exp.

E Double U

gespenstern wrote: »

That's what I'm talking about. For Cali it's barely enough to stay afloat especially if you have to pay rent or mortgage and I'm not talking about supporting family. And you are CISSP! Man, you are undermining this cert, ask for a better pay immediately!

LOL luckily my wife has a nice salary too. Once ISC2 says I'm fully certified I can bring it up to the CISO.

E Double U

gespenstern wrote: »

Most cases were during nights with poor lighting, basically just barely distinguishable shadows, plus, most of the time footage didn't have enough FPS to be spectacular enough.

Pretty much!

Cyberscum

@ges and E Double

Actually am now being put in an hybrid ISSM (Info sec manager) ISSO (InfoSec officer) SSR (Special security) role ha ha ha. No kidding I am on three appointment letters. I will be dealing with SOP's, C&A's, SCIF accreditations, physical security, alarms, IT systems and the list goes on and on.

I actually like the physical security role sometimes; Working pure IT gets boring every now and then so its nice to work with my hands when I want to.

E Double U

Cyberscum wrote: »

Actually am now being put in an hybrid ISSM (Info sec manager) ISSO (InfoSec officer) SSR (Special security) role ha ha ha. No kidding I am on three appointment letters. I will be dealing with SOP's, C&A's, SCIF accreditations, physical security, alarms, IT systems and the list goes on and on.

I actually like the physical security role sometimes; Working pure IT gets boring every now and then so its nice to work with my hands when I want to.

I don't see you being bored at work anytime soon lol.

I get annoyed with the physical security part when I have to pull footage from a branch with older cameras. Slow as molasses they are. Going out to the different branches is cool though.

the_Grinch

Haha, sounds a lot like law enforcement. TV/movies show the running and gunning. It isn't until you are on the inside that you realize it's 98% boring work and about 2% fun stuff.

I was brought in to audit network designs and at this point I've helped design a SIEM, monitor it, configure a network (plus monitor it), setup clusters of servers, help with everything that even smells of IT (as far as approvals go), perform network investigations, perform audits, and write regulations.

We'll see if I stick it out here as there isn't room for promotion (I will get raises though) and would really like a place that would either pay for school or at least send me for courses/certifications.

gespenstern

Cyberscum wrote: »

Working pure IT gets boring every now and then so its nice to work with my hands when I want to.

Oh yeah, I miss it. I love the smell of napalm Soldering iron, cool physical tools and physical relays clicking sounds! It's not your dumb and boring SMTP relays...

Too bad that this forum engine doesn't support bb code for strikethru