Jump from Infrastructure Management down to Security Engineer/Analyst

So has anybody else here made it through the ranks of IT into management just to want to go back down to an engineer role? Here's the scoop of my situation

17years in IT starting from desktop all the way up through sys admin to infrastructure management (VMware, Servers, Backups, SAN, NAS, Exchange, COOP, 15 direct reports). Got MS in MIS, and MBA from state schools. I work for a mid-sized company but don't get paid much more than I did as a sys admin. Lots of responsibilities of management (reporting, proj mgmt, personnel, meetings) but I still have to keep up with the race of all the technologies that are under my umbrella (can't relax because I'm still a working manager).

Since there is no budget for an IT security dept, that responsibility has fallen to me so over the past few years I've had to do more on the security end from reporting, documentation, audits, remediations, etc. I'd have to say that it's more fun to work in a concentrated task as I do for the security end vs. having to multitask like crazy like I'm currently doing in my role.

I've noticed that, at least where I'm at, IT security positions pay better than sys admin/my own mgmt position and I'm pondering the pros and cons of jumping out of management to a security role.

Pros
Same amount of $ for a more concentrated work focus
Get to learn and develop in another IT area
All certs in 1 IT security bubble vs right now...VCP, MCSE, etc for infrastructure.

Cons
No longer in management (It does have certain perks)
It would be going reverse from what my whole career-education has been focused towards since the beginning.

Find more posts tagged with

Comments

thomas_

Is it possible for you to find another management job that pays better? Are you willing to give up on the technical hands on side if you were offered a better paying management position where your duties would be purely managerial?

Mide

Yes I believe after I get a few more years of management under my belt, I could transition up to a non-technical position. I'm sure one of the major things that is eating at me is that I seem to have the title, but the same salary with a lot more responsibility. That whole "getting burned out" feeling is becoming more apparent, but I do need to stick around some more to make the resume seem stable.

UnixGuy

Mide wrote: »

Pros
Same amount of $ for a more concentrated work focus ==> Not always
Get to learn and develop in another IT area
All certs in 1 IT security bubble vs right now...VCP, MCSE, etc for infrastructure. ==>Wrong! CISSP, SANS(heaps!), Offensive Security, vendor certs.....!

^^I've just commented on some of the Pros. I say get more management experience and move somewhere else!

gespenstern

I don't think it's beneficial money wise.

And as UnixGuy said there are tons of certs in infosec. ISACA (several), ISC2 (several), EC-Council (several), Offensive Security (several) and GIAC (tons) + vendors' from Symantec, MS etc.

You can be more or less well-rounded after probably 3-8 advanced infosec certs which are no joke to sit for and will certainly demand a lot of time and effort to prepare for.

If you really don't care about money and breaking your career trend, then I guess you can transition and spend time learning tons of new stuff, but for what? It sounds more like you just need to change your employer. Like for the one that has a separate budget for infosec and doesn't overstress its infrastructure manager.

Also, many things in this life seem exciting at first. It's a chemistry of your brain, like falling in love for the first time. Harsh reality is this goes away after a while and you are left to deal with routine. You won't live forever, you age and your energy isn't limitless, there's a price for a career change one has to pay and it's not cheap.

Also you can work on convincing mgmt at your existing place to a) find a budget for infosec otherwise they are getting a burnt out manager quite soon b) hire an infrastructure architect so you can offload some technical stuff to this position. 15 direct reports is enough to have an architect in such a team.

Mide

Good points all around. Yes I know there are a ton of different infosec certs, but they 'seem' to be in a similar bubble although yes I admit that offensive vs vendor-SIEM monitoring vs CISSP are all different in their own way so that's probably a moot point. Yeah the more I ponder I'm sure I just need to eventually get to another company that has a correct budgeting methodology to separate out different functions and to have enough personnel allocated to them. VPs and up are quite unbending in their IT structure beliefs unfortunately.