working on my skills - resume

jamesleecoleman

It's been a couple of years and I've had the same skills on my resume and I'm trying to move more into InfoSec. The last job was two years doing tier 2 helpdesk stuff but I was the only guy there for the most part so it was mostly break-fix with password resets in AD and reimaging.

Now I'm the main person that does IT but I have support from a third party when I need it. I've been making GPO's, O365 administration, break-fix, asset inventory, AD account creation and a few other low level things.

The security related things that I've created a risk register, put a Snort box out that I'm still working on, doing nmap scans to help me with documentation and I'm using Nessus Cloud to help discover vulnerabilities that we have within our network and on our assets.

I plan on expanding on the risk and vulnerability stuff and getting the IDS (Snort) box to work just for starters. But all of this is for a small organization and I feel like that people will look down on what I've done and pretty much tell me that it's not enough.

So I'm not sure if it would be safe to put under the skills section of my resume, these skills:
Vulnerability management
Risk management
Nmap

I do my best to try and read up on the NIST publications that are out there to assist me with what I'm trying to do for the organization. I'm interested in obtaining the CISSP and CRISC certifications as well.

Anyone have any advice? Could I possibly be on the right track?

jcundiff

you are on the right path, you are working with vulnerability and risk management and sounds like you are the R and A on the RACI chart for those areas so why not list them.

If you are doing the tasks, it doesn't matter if it is a 100 person company, or 1000, the processes are the same... just the volume is increasing