Cybersecurity, INFOSEC, and CND woes

evarney

I've been looking to make the leap from being a traditional routing and switching network admin/engineer (i use that term loosely), to a role as a CND, network penetration tester or INFOSEC professional.

My frustration with networking is not rooted in the technology itself, but in people who break things and don't tell me, or suddenly fix things and don't tell me. Troubleshooting something for a solid two weeks only to have it magically come up right around the time the opposite interface's network engineer goes on vacation can do that to you.

I still plan on keeping my Cisco certs, and stay abreast on the latest technology, but I really need some time away from this.

That said, what pisses you off most about penetration tests, network defense, or offensive network/system analysis?

Ertaz

All the extra sleep I get at night from not being on-call?

evarney

>< I have a work recall cell phone and it doesn't fit in my pocket. It reminds me of the green screen tracphone my parents bought me when I was in 9th grade.

docrice

evarney wrote: »

That said, what pisses you off most about penetration tests, network defense, or offensive network/system analysis?

Having to clean up after people, exactly like the situation you describe. Infosec often spends what I feel is an excessive amount of time getting things lined up so the security team can actually make a difference and find/contain threats. But when other teams keep the environment messy and/or noisy due to sloppy practices, lack of discipline, lack of documentation, or non-functioning business practices, it really speaks volumes about why life in infosec is difficult. A lot of it's just putting up with these inefficiencies.

evarney

sounds like you've been at it a while. I'm really not chasing money, I am kind of feeling stuck though and I need to move around as late twenty something because I literally have no personal life and a lot of times I get stuck in some really isolated or remote place with people who are barely civilized, twice my age, or just irritating as hell. at this current moment I have all three of those things plus I am dealing with a bunch of administrative overhead that interrupts the actual act of work.

docrice

One of infosec's allure is constant adaptation and learning new things on a frequent basis. If that feeling of stagnation irritates you, then you likely make a good candidate for the security domain. I suspect you'll need to relocate or do something similarly dramatic to make the change though based on my impression.

evarney

only a slight move actually. But when you are a single guy with only a few boxes and a tiny donkey to carry your things, it isn't so hard.

Sometimes i feel like i would rather tear systems down rather than built them up. The next best thing is pen testing...

markulous

Maybe being a 3rd party pen tester or auditor would be good for you. If you're an internal security guy you're going to run into the same issues you have now. You'll have programmers and admins who have no idea about security and see it as an inconvenience.

TechGromit

evarney wrote: »

My frustration with networking is not rooted in the technology itself, but in people who break things and don't tell me, or suddenly fix things and don't tell me. Troubleshooting something for a solid two weeks only to have it magically come up right around the time the opposite interface's network engineer goes on vacation can do that to you.

I think this is pretty common in some organizations. I remember was I was a mid-frame computer operator, A program would stop working in the middle of day, call the programmers up, did you change anything? 95% of the time they claim they didn't, but 10 minutes after we call them, everything works right again. Didn't change anything, yea right.

Where I work now, everything has to be pre-approved, scheduled and notices sent out. This way if there's an issue, we know right away what the probable cause was. There was one guy that made a change to a core router without approval or peer checking, he took down the entire location's networking for 10 minutes, 3 months later he was fired.

the_Grinch

I've come to one truth that holds in all cases: no one knows the true consequence of a change they are making. This is truly where monitoring comes into play as, in my opinion, it is the only way to understand what you have and what effects the changes you make actually have. I monitor a number of environments and while I look for specific things I am often in a position where I know the systems better than those who design and maintain it. As an example, I once saw a large number of "security" alerts that made no sense. I examined the alert and concluded it was not a security issue, but was able to determine that there was a problem. Since I had the alert I could see which system was having the issue and I was able to reach out to the provider to find out what happened.

Ultimately a configuration change went into effect and the policies/procedures called for a reboot once those changes were in place. This was not done and in turn began generating errors. Now I have a specific alerts for this issue and can call it out with 100% certainty when it creeps up.

The other item that we have to take on is making sure we are involved from the beginning. At my place they love coming to us at the end of a project and saying "what's you opinion?". At that point if I have any concerns or objections, security related, that whole project will be on hold. Thus I make it a point to check in with supervisors on the various projects to make sure we're visible and to hopefully catch problems before hand.

markulous

That's always good when they ask for your input and will put the project on hold. Too many orgs do what they want and tell the infosec guys to make it work rather than working as a team.

evarney

markulous wrote: »

That's always good when they ask for your input and will put the project on hold. Too many orgs do what they want and tell the infosec guys to make it work rather than working as a team.

"Shut up and color".

Ever just want to tell a system admin that lots of tards go on to live kick ass lives?

the_Grinch

It took a lot of work and probably before my arrival they wouldn't have considered it. But I was lucky in that my team was able to articulate the importance of information security (especially after issues had arose). I don't always get everything I want, but at least I can raise the issue or risk so it is considered.