Career Guidance- Being in CND and Expanding role
Z0sickx
Member Posts: 180 ■■■□□□□□□□
Hello all,
first post on here and i am hoping to get some guidance from your guys experiences.
Right now I have been on the Computer Network Defense side of InfoSec/IA. Currently an SME with the tenable product suite doing vulnerability assessment and giving guidance on how to utilize it. I do not actually have any experience in a live production network, just testing. My big question is how do I build off what i know? I am interested in Incident response & Computer forensics, but i am not sure if that is a realistic next step. I was thinking taking what i learned now and being the person who maintains/builds the software, and learning the ins and outs of doing on production with a new company. I want to expand my horizons but i feel doing more of the same will just take me back to square one.
first post on here and i am hoping to get some guidance from your guys experiences.
Right now I have been on the Computer Network Defense side of InfoSec/IA. Currently an SME with the tenable product suite doing vulnerability assessment and giving guidance on how to utilize it. I do not actually have any experience in a live production network, just testing. My big question is how do I build off what i know? I am interested in Incident response & Computer forensics, but i am not sure if that is a realistic next step. I was thinking taking what i learned now and being the person who maintains/builds the software, and learning the ins and outs of doing on production with a new company. I want to expand my horizons but i feel doing more of the same will just take me back to square one.
Comments
-
Bloogen
Member Posts: 180 ■■■□□□□□□□
Hey,
Welcome to the board. It seems like you have got to a point in your career that feels like your a bit stuck and looking for what to do next and luckily it sounds like you have some options. There are a lot of variables that are not known from your post that might help someone provide some advice but I will start with some general advice.
It sounds like you have an idea of what you want to work towards ("Incident response & Computer forensics"), but you also mention; " I was thinking taking what i learned now and being the person who maintains/builds the software, and learning the ins and outs of doing on production with a new company."
To be honest I am not quite sure what you mean by the second statement. If you feel you know the direction you want to go towards and this new position doesn't get you there I wouldn't suggest taking it. The problem with making a move that isn't towards your goal is sometimes instead of being neutral you end up actually going away from your goal because so much energy is being used on learning new skills, new systems etc that you don't really care about.
Avoid accepting a new position just because it's a available or convenient of it doesn't line up with any of your goals. I agree that you should expand your horizons as currently you might be a little too far in a specific direction with one product and you likely need more exposure to different technologies and environments to better discover your interests. This is especially important near the beginning phases of your career.
This is likely a tricky time in your career as it sounds like you a fairly early on. If you feel you need more help and think it might be beneficial to talk it though I would be happy to help. I am just about to start a project where I help people in similar situations like you by have a 30 minute conversation to discuss your options or goals or next steps and stay in touch as much as you want to help guide you through. It can be tough at the beginning of your career to know which way to go and I wish I had more guidance in these situations.
If you are interested you can book a 30 minute session using the link below (it's free and I'm not selling you anything)
Book a 30 Minute One-On-One IT Career Strategy Session
For anyone wondering if I would be willing to do the same for them, absolutely! Use the same link above (I will update it to a proper landing page shortly when I formerly start this project.)
For those wondering why I am doing this; 1. I truly enjoy helping people in these situations and have been fortunate enough to be doing this already in person and as a technical trainer. 2. Helping people one-one-one will give me a better idea of the kind of content and systems I can create moving forward to help people in a similar position a larger scale. -
Z0sickx
Member Posts: 180 ■■■□□□□□□□
Sorry to be more clear on my second statement. I use the tool in lab environment for the most part. I have not used the Suite of tools in a live production environment solving real problems for an organization. to me that was the next Lateral step. I do have an interview with a company that is just using Nessus to do scanning i would be Conducting prod evaluations of third-party products ,Deploying sec technologies in lab & production environments. and looks like i will be be getting exposure to certain features of windows (LDAP, Active directory) i have not dealt with before. So with this particular position in mind I believe i would be expanding my horizons.
You do make a good point that this would not directly help me with getting into incident response and Computer forensics. Question is how does anyone move from the different realms of security? this offer will likely be in the 90-95k range and is better then the 75k i make now, its a brand new contract as well.
I will take you on your offer and schedule something