Need Advice - New Job

tkerber

Hey guys, I recently took a new position as a Security Analyst for a really large company. I was more than thrilled because I've always had a knack for Security but could never land a position. The position is second shift but that didn't really bother me much and the pay was great so I accepted. The first month I was on day shift working with other Security Analysts and now I've finally had some time to work the night shift and it's..... Absolutely dreadful.. The biggest problem being... There's no work... We have like one hour every night of duties we have to do and that's about it. I've literally spent the last several days sitting around waiting for work...

This has hit me so hard because I thought I would genuinely learn so much and it would be an amazing opportunity. I'm nothing more than a monkey that logs onto a computer at 9:00PM and hits a couple of buttons and runs scripts that someone else made. In fact I can't believe they're paying not only me but three other people do do such minimal work... It's the first time in my entire life I've actually wanted to just quit a job. It's actually painful waking up every morning and knowing that in 6 or seven hours I'll have to go back and try to trudge my way through this. I've never felt this way or have been in this position. When I worked day shifts it was amazing. I felt challenged by the work the day time Security Analysts do and I was engaging other colleagues and it was just great. I don't actually know if I can take another week or two of working these extremely boring night shifts... I'm restless, I cannot do any school work because of how stressed I am and it's ruining my life.. I want to tell my manager but I don't know what he will say since I'm so new.. If there are any managers on here please I'm in such need of advice..

yellowpad

How about taking the time to study for a master or doctor degree?

tkerber wrote: »

Hey guys,

vanillagorilla3

Use the time to study for a new cert or degree. I would even ask my manager for more work. Maybe they'll let you take on tasks from other senior security folk.

markulous

Agreed with above on studying and asking for more work.

How long have you been there? I'd say if you've been there at least 6 months, start applying for better infosec jobs. With security experience on your resume you can likely get a much better job.

NetworkNewb

I wish I could get paid good to have a bunch of free time to study and learn.... I have to stay up late at night after my kid goes to bed, and get about 5 hours of sleep to find some time. Must be rough

In all fairness, I know you were most likely expecting a job that would give you some good experience. Look at this way, that job will probably look decent on your resume and you have time to increase your skills and study for certs. If you take advantage of it, you can probably land a MUCH better job with much better pay in a year or so staying there.

gespenstern

Never had this problem. Each and every organization I worked for had TONS of ongoing issues nobody was willing to solve, many of which lasted literally for years. They are easily picked up from eventlogs (you are watching SIEM, right?) or other typical patterns when issue comes up, then archived because nobody wants to fix it, then comes up again and you get the idea.

Then I show up and do a thorough investigation that sometimes lasts for months and consumes all my free time.

Then I resolve the issue, do a write-up on what exactly I did, how I did it, how it helps the company to not have this issue anymore and for how much time it lasted and nobody was willing to take on it shifting the blame between teams and departments instead. I send this e-mail to my team, to a working group that was gathered to resolve the issue ages ago but dissolved and to my manager.

Then everybody gets excited because, say, payrolls get computed two times faster because of the issue went away, or some weird intermittent authentication issues went away, or you caught a really huge fileless APT that hides itself from every detection tool and is so sneaky that doesn't manifest itself until you look into specific place under specific circumstances.

And then BAMF you are employee of the month or get a bonus and higher ups see you in a kitchen and say "it was a great find, man".

And then you feel accomplished and put this into your resume and leave the company for a better salary.

How do you like it?

techfiend

Ugh, I'm afraid of this happening to me too which is why I'm being extremely picky. I can really offer anything else besides what others suggest, study up and move on.

UnixGuy

I've had this problem, actually VERY similar to yours as I was interested in security and wanted to get into it. I stuck it out, and less than a year later, I started applying for security jobs and got a lot of positive response just because I had the title and bit of exposure.

It's your call, you either move on now, or you start tackling a difficult practical certs (like OSCP, elearnsecurity, ..or CISSP, whatever you feel like), use that time to learn and move on afterwards. It can be painful but it's not the worst thing in the world.

Mike7

tkerber wrote: »

a new position as a Security Analyst for a really large company.
The position is second shift but that didn't really bother me much
Absolutely dreadful.. The biggest problem being... There's no work...
We have like one hour every night of duties we have to do and that's about it.
hits a couple of buttons and runs scripts that someone else made.

Do you know what the buttons do?
Do you understand what the script does?
Are you able to modify or fix the script?
How long will it take to finish the tasks if you do not run that script and do things manually?

Do you have a good understanding of your company infra security setup?
If hardware breaks down and things do not work, do you know what to do?

When we hire analyst with no prior experience, we give them access to the less critical components and observe what they do. At times, we ask them to improve existing documentation. The better ones explore the system and try to understand the entire setup and do their own notes and update the documentation. The not so mature ones will do nothing. Guess how they behave when hardware breaks down and things go wrong? Guess who get assigned more important roles?

Not every company have on-going fires to fight. The better companies are well managed and IT is viewed as something that is reliable. Maintaining this reliability requires personnel with steady hands. Some people are what I call "passive fire-fighters"; they only act (and learn) if things go wrong. Once the issue is resolved, they revert to inactivity until the next fire comes in. Others are more mature and self-driven; they try to understand the system and look for ways to optimize it. We need such people to keep our environment stable.

I believe they are trying to evaluate your attitude, level of maturity and willingness to learn, before assigning more important roles to you. Perhaps even transfer you to first shift where I assume all the exciting work is being done.

Since you are in the second shift, use the free time to understand the system. Doing a certification in technologies the company used such as CCNA or MCSA will also help. Even if this job is really that dead-end, the title and exposure will help in your next job.


Just my thoughts.

UnixGuy

Mike7 wrote: »

..

When we hire analyst with no prior experience, we give them access to the less critical components and observe what they do. At times, we ask them to improve existing documentation. The better ones explore the system and try to understand the entire setup and do their own notes and update the documentation. The not so mature ones will do nothing. Guess how they behave when hardware breaks down and things go wrong? Guess who get assigned more important roles?

....

This works - if the analyst is completely new to IT. However, I noticed that Security Analysts with no prior experience in Security but with tons of experience and sysadmins/engineers/architect will quickly find this task to be mundane and more suitable to a junior (I think this is the case with OP) .

Observe how the hardware work?? Most security gear is a straight forward simple hardware, an engineer who've seen it all will never spend time going through this sort of documentation because when things break he/she will be able to fix it - rather quickly. People move to security expecting to learn security, rather than learning how hardware works because they already learned that as sysadmins/engineers. Something to think about.

Mike7

Yes, totally agree. You can only secure something if you know the system well enough.


I have no idea how much sys admin/network/app experience @tkerber has. My experience with most security analyst had been less than positive. Most have security certs with little to none sys admin or network experience. Without the background, they are unable to perform their duties well.

Due to a customer requirement, we subscribed to a managed security service where the security analysts are supposed to analyse network traffic, IDS alerts and alert us of any attacks. Close to 100% of their alerts was false positives. For example, we had a run of 7 alerts about a vulnerability exploit attack on our DNS servers; the problem is that the destination IP does not point to any server and the vulnerability only applies to BIND (DNS service) versions more than 8 years old.

As part of VA scan findings, a security officer once told us to buy SSL cert to secure logins to web site we hosted for his company and using his company's domain name. When we told him to authorize the SSL cert purchase, he told us to write custom code to encrypt login.

UnixGuy wrote: »

People move to security expecting to learn security, rather than learning how hardware works because they already learned that as sysadmins/engineers. Something to think about.

Agree. I am one of them. I am all for people with sysadmins/engineers/app development background moving into security. They know how the system works and what the weakness are, and are therefore more capable of applying security over it.

Those with only security certs should dip into sys admin/networking/app development or, at least, have the passion and drive to improve their knowledge. The more they know about something, the better they know how to secure it.

UnixGuy

@Mike7: true I've seen people with security experience and 'firewall' experience but minimal sysadmin knowledge, it's bad! Last week one of the firewall guys came to teach me how to write 'grep' and read files on the firewall (they call it Unix lol). Sad thing is that he was really proud of his skill, and teaching me with an attitude of being a master teaching a little kid. I didn't put him down, I just thanked him and pretended nothing happened

They get really excited when they write a script or configure a hardware or do any basic Linux command, thinking that it takes smarts to do it. I find that amusing, and just try and learn bit more about the firewalls/proxies/ips etc whatever we have.

Remedymp

I have this problem right now and only started a few days ago. By end of January, I am out of here!

Get a few certs for myself and exit.

Mike7

@UnixGuy, was it fun?

You may want to get into infosec; you know SELINUX better than the firewall guys. Download, install and try security tools such as PFSense, security onion, Kali. Get that CISSP cert; you probably know more than 50% of the domain inside. You may like it.

There is currently strong demand for infosec professionals especially those with strong sysadmin/network skills, so it is easy to get in now. Surf the wave. 😃

UnixGuy

@Mike: never fun to work with not so bright peeps.

I agree with u, I'm in the interview process and moving on very soon. Without a CISSP. I'll cert up more though. Working on eLearnSecurity course now

Queue

I'm in your same position except I'm on the help desk. I have about 2 to 3 hours of accounts and minor work maybe PC builds. I spend a lot of time studying. It's awesome to be paid to study. I'm looking into WGU now as well do get my BS.

I work second and I have a hard time with it. My last job I was to be at work by 6:30 AM, now I'm 4PM to 12PM. I have trouble going to sleep when I get home and sleep a lot during the day I hate it, but I'm doing it to get a better job. I'm posting now at 11:17 PM haha.

I have no prior experience So I want to be here at the least a year. Its a great company in town and you just can't go bouncing around.

kohr-ah

I had a job just like that about 2 years ago.

Was so bored. There was no challenge. So I asked if I could have read rights to higher end equipment. I started to learn my CCNP more in depth. Looked at the higher end equipment. Tried to draw it out so I could understand it. See the scripts that existed. Learn the code. Can I make it better? Where there optimizations that were not in place that maybe should be that I could suggest?

How did the stacks work. Were they port channeled? Why or Why not and started to pick apart the stuff every day and it made my days go fast. Did the job get better?

I am not going to lie. Not totally. Parts of it did..However, it gave me the skills I needed on my resume and for my career to go up another 10k and a better job when they sold our company off and I found a new position within a week.

Take the time and study. If you need to hop then you need to hop but I'd pick apart their systems and try to start learning them inside out. Use the knowledge you can gain to further your career when you do leave. Pick apart the scripts. etc.

Mike7

@kohr-ah couldn't put it better. Make lemonade from the lemons.

tkerber

Hey guys I really appreciate all of your feedback. I've always loved this community a lot. So far I'm still trying to cope with the absolute boredom of second shift and it's not getting much better. I unfortunately haven't been here very long and the other problem is my history... I've job hopped a lot, some may call me a serial job hopper in some sense. Now to my point you could call up any one of my old managers and every one of them would say a good word about me. Every hop I've made was also a step up and never really lateral. However, I just don't know if I can continue to work a job that is this boring and hopping might destroy my career..... I know some of you are telling me to study and that would be the most logical. But something in me just finds it so depressing. I didn't think my team would be this segregated (half of them work from home) and I just don't feel engaged. It's completely thrown off my balance... If it wasn't for me being able to talk to my parents about this I'd probably have gone mad already and it's only been like a month.

I also mustered up the courage to talk to a recruiter I know really well for some honest feedback and it was.. Honest. He basically said that I'm at the point where companies may just not hire me if I make another move. I don't really think I can take another week of this.. It's actually starting to mess with my well being. There's a good chance I could always get my old job back but then I would need to stay there for a very long time to ensure my safety.

Remedymp

What exactly would you like to do after this position?

mabraFoo

Hey tkerber, I sent you a private message.

Mike-Mike

sucks as it might, at some point you just need some time on a job. Bouncing around scares hiring managers, even if the bouncing makes sense

TheProf

Job hoping is not always bad, depending on the type of IT professional you are. In the contracting world, no one really cares, in fact it could really benefit you having the experience with many different companies. What's hard, is passing an interview for jobs that are full time ops/admin/etc. Reason being, is because it takes time to train new hires, so of course the employer does not want to waste money, they want to make sure that whoever they hire, will stay with them for a few years.

Now, personally, I never do something that impacts me in a very negative way, such as impacting my personal life due to stress at work. We work so that we can provide for our families, but you have to love what you do, otherwise you're just going to be miserable. The best advice I can give you, is to ask your boss to be transferred to the day shift team and ask to never be put on night shift because it's making you unhappy and giving a lot of stress. In other words just be honest with your manager

Worst comes to worst, he/she says no. At least that way, you know you've tried. I would also recommend that in the future, when you apply to companies that seem interesting, make sure to ask a lot of questions, especially regarding things that might make you unhappy. For example, ask about the workload, the type of tasks you'll be doing, overtime, if working a night shift, what are the duties and what are the days like, etc. Basically the idea is that you want to avoid taking the wrong job.

Anyways, I know the feeling, I've been there myself, I've been there myself a few times, not fun.

tkerber

I really appreciate all the replies and yeah I totally agree with you guys on the bouncing and that's why it's a really bad spot for me. If I had some more experience behind my back with just one single company--say like 3 years or so I think I could totally shrug this off and feel confident but I can't. At the same time though without all of my job hopping I don't think I'd be where I am right now at age 22.

@ TheProf

I did get to speak to my manager and to my surprise he was really understanding and very nice about it. He has no problem changing me to days but the problem is there are no day shift openings. So who knows how long I have to wait, it could be a couple of days or a couple of years. I also did ask about the workload in the interview and I guess it just never hit me. I'm not really okay with sharing much information, but I will say that the amount of downtime we have would probably never be acceptable at most organizations and positions would be eliminated. I don't really know if management is even aware of it but it's hard to believe someone would knowingly allow it.

techfiend

tkerber: I know you have diverse experience to get a sense of most of the field. Is security exactly what you want to do?

Being in the same job market, I know there's dozens of new positions daily near you. Two requirements I've seen on nearly every listing lately is, bachelors or even masters, and career progression. BS really changed my luck, enrolling at WGU helped get my first job, graduating got my second that i start soon. Correct me if I'm wrong but the positions you've had seem like horizontal moves between different areas. Unless you absolutely want to be in security I'd really suggest trying to get a position where you can touch various things in a low stress position. There are plenty of SMB's looking for this right now.

Having your current position on your resume for a short time can be explained truthfully like you have here. Unless I was hiring for security it wouldn't raise concerns, most people get into positions they end up not liking. The job hopping is much more of a concern, I wouldn't want to invest in someone that could leave any day given their past. This short term position can be removed from your resume after you get another position. I really think you need to find a place you can enjoy for at least a year.

Best of luck!

culpano

1. Use the time to study for more certifications. Buy the training material and get a structured plan in place. You are getting paid to train !
2. Tell the company you are better than the job they are giving you to do. If they can't understand this then it's a pretty poor setup.

tkerber

culpano wrote: »

1. Use the time to study for more certifications. Buy the training material and get a structured plan in place. You are getting paid to train !
2. Tell the company you are better than the job they are giving you to do. If they can't understand this then it's a pretty poor setup.

I have been, it's crazy to think but at some point it's like 'man I just want to do some actual work'... I can study for almost my entire shift and it's great! But at the end of the day I'd rather be learning hands on and doing some real work.

Also to your second point I do realize I should probably have a second more serious talk if things don't change.. I just don't know how they're going to react and the last thing I want is to be let go of right now when I have nothing else on the table.

renacido

I don't even know where to start with this one, so much comes to mind...but I'll keep it short and sweet:

There are busy people. There are effective people. Only the second thing is worth a damn.

What will make you a better security analyst? What can you do in your position to make the biggest impact? Those are the important questions. And usually those are not assigned to you by your manager.

- Do you know the threat environment there? Who is most likely to directly attack? APT groups? Cybercrime? Hacktivists?
- Where are the crown jewels? What assets, systems, users, info are the highest risk? What attack vectors could be used to gain access or disrupt services?
- What are the most critical vulnerabilities? What could be done to mitigate the risk?
- Do you know the incident response plans, the most likely intrusion indicators, etc?
- Are the tools and infrastructure tuned and optimized based on the risks? Do you know where the gaps are? Can things be improved?

If you can't answer yes to these questions, you've got plenty of things to do.

You should also take advantage of the time and study to improve your own knowledge. You're new to security. There is soooooo much to learn. Most of us who've been doing this for a while (for me, 23 years in IT and 11 in security) dream of having time on the clock to spend on professional development. In a year you could learn a crapload about security, get certs, work on a degree, whatever you like, and get paid well while doing that.

You got a golden ticket. Be grateful.