InfoSec and Security - not that glamorus of a field people - Wake up!

Gess

Glory?

It put a roof over my head, food on the table, cars/motorcycles in my garage, and computers in my study. Who needs glory?

Anyone that signs up for an IT career for glory deserves what they get.

pinkydapimp

As stated. The reality of Info sec is its a huge area that has alot to it. That's also evidenced in how hard it is to actually protect an organization. You need strong processes, user training, governance and compliance, smart risk analysis, access controls, regular audits, trusted employees, management buy in, etc. It takes a lot. No one person is going to reap the rewards of a successful security program. it takes many. That also means that you can get into info sec many ways, and also do many things. As stated, its not just pen-testing. I think the same goes for IT in general as well. its mot just desktop, network and sysadmin work. Both are really broad terms.

SoCalGuy858

I'm in a unique position compared to most, in that I was able to jump into a dedicated security position after only a few years of being a sysadmin / help desk guy. Expressing an interest in security to my very security-minded boss paid off when he was lateral "promoted" from IT Director to Information Security Director. Since we're a new security department, and it's just the two of us, I've been able to get my feet wet in quite a bit of things, from authoring tons of policies; designing and running vulnerability scanning infrastructure; crafting mock phishing e-mails for security awareness assessments; and running gap analysis, auditing, implementing governance controls for ISO-27002, NERC-CIP, and PCI-DSS etc. I love it and drink it up, but I will say that given my fairly short time (compared to most) as a sysadmin, I feel that I am at somewhat of a disadvantage. Despite that, though, I just find myself continually identifying weak areas of knowledge and studying my butt off (as I think anyone should!).

Mike-Mike

SoCalGuy858 wrote: »

I'm in a unique position compared to most, in that I was able to jump into a dedicated security position after only a few years of being a sysadmin / help desk guy. Expressing an interest in security to my very security-minded boss paid off when he was lateral "promoted" from IT Director to Information Security Director. Since we're a new security department, and it's just the two of us, I've been able to get my feet wet in quite a bit of things, from authoring tons of policies; designing and running vulnerability scanning infrastructure; crafting mock phishing e-mails for security awareness assessments; and running gap analysis, auditing, implementing governance controls for ISO-27002, NERC-CIP, and PCI-DSS etc. I love it and drink it up, but I will say that given my fairly short time (compared to most) as a sysadmin, I feel that I am at somewhat of a disadvantage. Despite that, though, I just find myself continually identifying weak areas of knowledge and studying my butt off (as I think anyone should!).

I am in a somewhat similar situation, although just starting. However I'm very excited and can't wait to dig into it

Blackout

People ask me all the time, Im not a security guy, but I always tell them get REALLY REALLY good with Linux. A lot of them will start to mess with Linux and it will kill their Drive lol

SteveLord

I call our security team the party of NO!


And as talented as they are, I've been around them enough to agree with what many posted here.

itstudent10

I like this thread, because like SoCal a few posts above, I also came into it with relatively short experience as a sysadmin and even though I wasn't expecting the hacking that everyone else outside of IT thinks (trust me, I read the job duties before getting into it), I did expect to get more enjoyment out of it. I'm currently in a sec analyst/governance role and looking at spreadsheets is what I do most of the time sadly. I thought of it as a way to get into a more technical role (what that means, I'm still admittedly figuring that out - I do like vulnerability management somewhat - since as a sysadmin I enjoyed patching vulnerabilities, but being on the other side in an enforcer type role isn't a good fit for me either), but after reading other threads, I realized maybe I jumped too quickly.

ramrunner800

There are lots of positions available in infosec for those without much experience, if they are driven and really really want to be there. I love the fact that I make more money than most people can hope for to do things that I personally find very sexy and exciting. Sure, combing through logs and file systems for infection vectors may not be what everybody finds sexy, but I love the thrill of the hunt. I'm certainly not well rounded enough yet to go do this in a small organization where I'm the go-to guy, but in a large organization where I can be the padawan surrounded by Jedi Knights teaching me their ways it's perfect. There are lots of positions like that out there, and I think that the tone of this post is way to down on those who might be excited to get into this field.