Options
Question for everyone
Breadfan
Member Posts: 282 ■■■□□□□□□□
I have been at my job a year now and its not what I thought it would be. Background: It took me forever to break into IT, but I caught a lucky break getting into Info sec. I am an Information Security Officer and when I got this job (based on job description, etc) I thought I would be getting back to the hands on I sorely missed when I was doing C&A and risk management at my previous job. I wont get into specifics about why I dislike this position.
Recently, a friend of mine told me about a position where he works, but it is a Network Admin III position, and not in security. It deals with VMware farms (which I miss) and AD servers on a Tier 3 basis.
I have been looking for security positions casually for a few weeks, but everything is either a short contract or pretty much like what I do now and little to no hands on. I am looking to get back into the security engineer side of things instead of the policy and procedure side.
So my question to the board is this: Should I apply and pursue something out of the Info sec realm simply b/c I am looking to leave where I am and, or sit tight and keep looking? I know I don't need to stay there forever and I can get back some of the hands-on I miss as some my skills I believe have gotten "rusty" since I don't get to touch things only apply the policies and procedures to them on a daily basis.
Thanks.
Breadfan
Recently, a friend of mine told me about a position where he works, but it is a Network Admin III position, and not in security. It deals with VMware farms (which I miss) and AD servers on a Tier 3 basis.
I have been looking for security positions casually for a few weeks, but everything is either a short contract or pretty much like what I do now and little to no hands on. I am looking to get back into the security engineer side of things instead of the policy and procedure side.
So my question to the board is this: Should I apply and pursue something out of the Info sec realm simply b/c I am looking to leave where I am and, or sit tight and keep looking? I know I don't need to stay there forever and I can get back some of the hands-on I miss as some my skills I believe have gotten "rusty" since I don't get to touch things only apply the policies and procedures to them on a daily basis.
Thanks.
Breadfan
Mark Twain
“If I cannot drink Bourbon and smoke cigars in Heaven than I shall not go.
“If I cannot drink Bourbon and smoke cigars in Heaven than I shall not go.
Comments
-
Options
kohr-ah
Member Posts: 1,277
If you want to stay in infosec I wouldn't leave it to another job just to try to get back into it. I would sit tight.
If infosec wasn't what you thought it would be and you'd like to go back to the admin/engineer life i would take the other job. -
Options
E Double U
Member Posts: 2,232 ■■■■■■■■■■
Sit tight and keep looking.Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
Options
dustervoice
Member Posts: 877 ■■■■□□□□□□
Stay and keep an open eye....Just out of curiosity what "Job title" in infosec would have the right balance between policy & procedures and technical work? -
Options
UncleB
Member Posts: 417
just to echo the other opinions - :
- stay where you are
- keep getting paid while you look for another position
- develop your certs and other related skills (eg time management)
- be patient and don't jump until the right opportunity comes along.
Being in a job is actually a good thing when looking for another job as it will show prospective employers that you are employable. Those out of work are a risk as there is often (but not always) a reason for them being out of work, which will put some employers off taking a chance on them unless they are desperate.
Iain -
OptionsRoyalRaven
Member Posts: 142 ■■■□□□□□□□
I have been in this situation multiple times. I know exactly what you're going through.
What has worked best is to do some self reflection on what you enjoy the most. Forget money, forget how "hot" InfoSec is at this time...what do you enjoy doing every single day the most? If I asked what your absolute favorite time in IT was, what were you doing?
My pattern has gone like this: 3-5 years in tech/engineering-like roles, then 1-2 years in InfoSec, rinse, repeat. I never left technical roles due to the work, but to try advancing, but I keep going back since I can't stand being hands-off after a while. I wouldn't say InfoSec is boring, but it's not pushing the buttons for the most part and isn't as much of the "build stuff" experience. I feel my technical skills typically slide in InfoSec where my business skills go up. I do get very frustrated with InfoSec over time though...go figure.
You can always leverage your past technical skills to get back. It just depends on how much you want to do that. If you have enough skills and experience, you can go in either direction or change later...just keep progressing in one of them. I still think anything learned in technical roles makes you a better InfoSec person anyway. It also makes you much more valuable than others who do not have those experiences. It certainly provides new perspectives as well. -
OptionsBreadfan
Member Posts: 282 ■■■□□□□□□□
Thanks everyone for the replies
@dustervoice - you asked what title in infosec has the right combo? I think info security engineers, but I am not as I have only been a info security analyst and an officer, and both were policy pushers.
@royalraven - yes, my train of thought is actually what you said. my issue here is that due to my past jobs right before taking the infosec roles, I dwelled and stayed too long in one role at one company and this affected my pay (no raise or bonus for 7 years) and my next few positions b/c now I am playing catchup paywise from what I make and what I should be making (e.g. avg. salary in this role, CISSP, etc). I have learned from that and dont want to become too "comfortable" or stagnant as this affects your attitude and skills I think. The position I am thinking of taking advertises as about 20%+ more than I make now, plus the added bonus of working with VMware which I love.
If anything, maybe I can apply, and listen to what they have to say and offer. I may not even get a call for the job, so who knows. I just dont want to jump ship at the first site of land (if you know what I mean).
On other note, I just paid for elearnsecurity's PTS course and will begin diving into this weekend (hopefully). I will do write up of it if anyone is interested. I signed up for it since I need some CISSP CPE's and wanted to learn a bit more on pen testing. This knocks two birds in one stone
Thanks again to everyone for their thoughts.
BreadfanMark Twain
“If I cannot drink Bourbon and smoke cigars in Heaven than I shall not go. -
Options
NetworkNewb
Member Posts: 3,298 ■■■■■■■■■□
I'd definitely be interested in to what you think about the elearnsecurity's PTS course. I'm thinking I might want to look into some pentesting towards the end of this year. -
OptionsRoyalRaven
Member Posts: 142 ■■■□□□□□□□
I was also in the same org for a while doing this flip-flopping in roles/groups and realized it was also a limiting factor (likewise with raises or lack thereof). Moving on was good to fix some of those issues.
I wouldn't question someone leaving security full time to go back to ops (sysadmin, networking, etc.) because the skills are transferable. It's when you stay in certain areas, like risk, audit, policy or management where you have a good chance to abandon the technical work and it becomes difficult to move back.
As best said by one of my professors: The best career trajectory may not be up. Do what interests you the most and the rest will follow in time.
