Unsure of career path

srjsrj Member Posts: 58 ■■■□□□□□□□
I am having difficulty with deciding where to go from my current position. I am currently a System Administrator, but have been taking on more Information Security tasks. I'm being asked to come up with what I want to do in 3-5 years and it has me stumped. I think I could be happy in a number of positions.

Current position:
- Handle maintenance tasks/patching on Windows, Linux, and Mac systems
- Use Python, Powershell, Bash, and PowerCLI to automate repetitive tasks. Most scripts/utilities are modestly sized (100-300 lines of code). I do understand OOO and do use classes when it makes sense, and don't typically write anything longer than 20-30 lines of bash without creating functions. Use Git to version control scripts.
- Have done some investigation of use of Ansible and Salt. I've setup basic roles that were parameterized so they can be used for various use cases. I'm no expert here yet, but I'd like to expand my knowledge and deploy a config management tool.
- Assist team members in completing security reviews and remediating security vulnerabilities. This includes creating data flow diagrams, some threat modeling, etc.
- Currently expanding my knowledge of web applications to be able to perform internal pen tests.

Weaknesses:
- I don't get much if any exposure to networking. I can troubleshoot basic issues from a client, but I do not configure routers, switches, firewalls, or load balancers.
- I don't get the opportunity to work on large application deployments and maintenance. Most of the maintenance revolves around security changes.

What I Enjoy:
- Writing scripts and tools to automate things
- Learning about new technologies and implementing them
- Mostly anything related to security

Potential Career Moves:

1. DevOps Engineer - I believe I could transfer my general knowledge of OS and configuration management tools. I'm familiar with version control (Git) and can script/write small tools. I would need to learn more about tools like Jenkins. If I ended up in a smaller company using AWS, then a lot of my weaknesses related to networking might be less important. They seem to abstract it at a much higher level.
Pros
- Exposure to both operations and development sides of the business
- Would not likely be difficult to move into a security role from here, and might be able to move into a software development role from relationships with developers
Cons
- Probably not as much exposure to security as I'd like
- Likely to have significant on-call

2. Security Engineer - I have a good understanding of OS security and I'm expanding my knowledge of application security. I have enough knowledge to understand stateful vs. stateless firewalls, etc., but it isn't my strength as noted above. I do really enjoy most of the security tasks that are assigned to me.
Pros
- Likely possible to have no on-call, or lighter on-call
- I really enjoy App Sec., threat modeling, etc
Cons
- Likely the most difficult position to transition into either DevOps or Software Developer position from
- I currently lack a very strong background in either Infrastructure, or Software Development, which would be helpful in moving into a security position

3. Software Developer - I think that I could enjoy writing software. I know Python already and have taken courses in C and C++, so I understand statically typed languages as well. I also figured that after a couple more years of Operations and Security, that these skills could be valuable on a software team.
Pros
- Likely the highest paid on average of all three
- Probably easiest position to transition into any other IT-related position from (including DevOps or Security Engineer)
- Having operations and security experience might really benefit me considering a lot of developers have niether
Cons
- While I enjoy programming when I want to, I'm not sure how I'll handle 40-60 hours a week
- I don't have a Computer Science background
- I'm not sure that I could get a software development job in a large company like I'm at today (at least initially)

Any thoughts on these careers? I know it is a bit crazy asking others what you should do with your future, but I'm really stumped. My initial gut reaction says DevOps would probably be the easiest of the three to break into. Software Development might open up the most doors.
Sign In or Register to comment.