Career Path - Areas of Growth

g33k3r Member Posts: 249
I transitioned from SysAdmin/operations to security about 2 years ago. My experience with SysAdmin work covered security operations in the areas of firewalls, access controls, IDS, group policies, vulnerability scanning, system hardening, ... The last two years my roles have focused my efforts on GRC (Governance, Risk Management, & Compliance) for PCI. My new role is leading me into the world of FISMA/NIST/FIPS. Do people see this area growing and in demand? Pen testing has always fascinated me, but my aptitude and skill set will probably keep me on the blue team.

Thoughts and comments appreciated!

Thanks!

Comments

  • g33k3r Member Posts: 249
    Is there a better place to post this type of question?
  • 636-555-3226 Member Posts: 975
    Security is a growing & in demand area. If you're interested in GRC you're in a good place with those standards. Most companies I see right now are filling technical roles, but eventually they'll realize security is a business issue, not an IT issue. Once that happens, they'll start hiring managers/directors/CISOs. If you've got a few good, solid years of GRC under your belt you'll fit right in and make oodles of noodles.
  • g33k3r Member Posts: 249
    Thanks for the feedback. I have many years of sysadmin work which includes defensive security functions. Additionally, I've spent a lot of my spare time learning about the offensive techniques (Metasploit, SET, Burp, BeEF, Kali, Backtrack, Python) to have an understanding of a portion of the tools used by the red team. My previous and current security role emphasized compliance with PCI and now FISMA because this is a requirement to do business which generates revenue.