Help with choosing security role

mnashe

Hi everyone,

This is really a two part question.

First, can someone point me in the right direction as to what type of security position I would be looking for, if I'm interested in the some of the following

Data Loss Prevention
Identity and Access management firewalls,vpns, DDoS prevention
Endpoint protection
network segmentation

Second, what certifications should I go after for my resume for that type of role? Also, besides certs what's the best way to learn these skills, as having the skills is most important. Resources would be most helpful (books, videos, software trials, etc)


Third and probably harder to answer, is this a good long term career goal (permanent job), or would this only be successful for the short term. I'm always worried about being out of work.

TechGuru80

Most of those options are different types of positions.

I would first think about if you want to be a generalist or a specialist. If you want to be a generalist, you can learn pretty much a little of everything and can really just choose whatever you feel like learning at the time or areas that you are weak...if you want to be a specialist, decide what type of specialty you enjoy (from your options). If you want to be a very technical professional, you should try to specialize in an area or two and focus your efforts. If you want to be more managerial, generalist is probably a better option but not 100% required.

Looking at your certifications, are you most interested infrastructure? If so, keep going on the Cisco path.

It's unlikely that as a security professional you will be unemployed or unemployed for long.

mnashe

TechGuru80 wrote: »

Most of those options are different types of positions..

Would you mind explaining what the different type of positions are? I'm a little confused

TechGuru80 wrote: »

Looking at your certifications, are you most interested infrastructure? If so, keep going on the Cisco

I also have experience with Microsoft, but these are really my active certs. Infrastructure does interest me, but other areas may too, I'm just not exposed to them. The things I listed above "sound interesting". I don't think I want to be tied down to a specific vendor or technology. I'm thinking, I prefer to be technical, but don't really want necessarily deploy hardware but I'd like to be a pro at configuring these items to enhance the security.

cyberguypr

To the point of different positions, bigger companies will most likely have full separate teams for everything you listed, whereas smaller companies will try to push as much as they can in a security JOAT role. Keep in mind that some roles will be technical while others will be GRC oriented. If you want to stay technical beware of GRC jobs masqueraded as technical.

Examples of dedicated roles:
DLP - https://transunion.taleo.net/careersection/tuext/jobdetail.ftl?job=17000443&src=JB-10121
IAM - https://jobs.carmax.com/job/5706961/security-engineer-identityaccess-management-richmond-va/
Endpoint - https://sjobs.brassring.com/TGWebHost/jobdetails.aspx?jobId=2455661&PartnerId=11716&SiteId=113&codes=IND

If you want to understand security roles a bit better you can check this, especially chapters 4 and 5.

Finally, make sure you check the job boards to see what your target market is looking for. That should help you get a better idea of what to focus on.

mnashe

Thank you cyberguypr. Chapter 4 is where I can see myself at. I understand your point regarding different size companies having dedicated positions. I can totally see myself being interested in either of those 3 positions (if I lived in that area), but would also be fine is that was one combined job description. For me, it's about figuring out how to get the skills to be ready for them. If that meant requesting trial software and installing it in my home lab, I'd do it 100%, but say for Symantec DLP, they don't seem to offer a trial. In the past week, recruiters have contacted me for security engineer positions that wanted someone with experience with IPS/IDS, RSA/SSO, DLP, VPN, firewalls, cyberark


My current company has no training budget, scream security first, but is not investing in any solutions. They don't allow open source solutions either, so it makes it tough to advance in the security realm, which is why I'm trying to go at it alone.

I know CISSP will be good for my resume, but I also want the skills to go with it.

BuzzSaw

I think Cyberguy is right in the fact that large companies often have a lot more segregation in terms of job roles. However, I will say this, I work at a pretty small company, and I do almost all of the items you listed in your OP. So I think it's just about searching for the right fit.

I run and manage our end point protection suite. I run vuln scans. I work with our Cisco gear and manage a network containing about 200 segmented networks within it. I setup VPNs, manage custom access, etc ...

My suggestion would be to search for a role that would allow you to leverage into more responsibility in the areas you'd like to be in. The fact is, the areas you started are all pretty closely tied together. It's not like you are trying to use a Cisco cert to get into the accounting department. In my experience, your best shot would be a small to medium business that doesn't have huge department. Something that will allow you to sort of get closer to being a "jack of all trades". The trade off is, often the training budget is small or non existence.

I say all of that to say you can find a job doing a lot of different things. I would recommend finding a way to leverage your current experience to get into a position that overlaps with a position you'd like.

mnashe

Thanks Buzzsaw. I agree. Maybe I'm overthinking it. My thought was learn as much as I can on my own, that way when i apply for those jobs, I have some knowledge, other than what I'm working with daily

BuzzSaw

mnashe wrote: »

Thanks Buzzsaw. I agree. Maybe I'm overthinking it. My thought was learn as much as I can on my own, that way when i apply for those jobs, I have some knowledge, other than what I'm working with daily

That's a good approach for sure. I just think you might be able to find a position that can help you do both. It's hard to replace on the job training.

For my two cents worth, I think if you are looking for a track of self learning, I'd recommend setting your sites on something like Sec+ and then CASP. Both of those have a low barrier of entry as there is no specific experience requirements. Further, the path you take in learning the skills and knowledge to pass those will help you with a pretty strong foundation and starting point. Since you are smart enough to pass CCNA, I'd imagine the concepts and knowledge for those will come pretty naturally.

There are a lot of really good books out there too that make some of this stuff pretty engaging. However, specific things like Endpoint protection as an example are going to be a bit harder to learn without hands on experience. But, you can definitely get a good understanding on how that technology works on a fundamental level. Check sums, disk scanning, real time threat stop, etc ... These are all technologies that you can learn, but how they are specifically applied to each business varies.

To add: If you're anything like me, you want to self learn so that you don't feel like a fish out of water if you end up with that opportunity to show you know more than people think you do. The great news is, unless you are involved in a very detailed conversation, high level knowledge usually will be enough to instill confidence. As such, I wouldn't worry too much with specifics, but rather trying to gather a broad base of knowledge to help your own internal confidence. Once you have that foundation, other things start falling into place easier. Understanding PCAP **** is a lot easier once you have a good understand of the OSI layer (as an example)

mnashe

BuzzSaw wrote: »

To add: If you're anything like me, you want to self learn so that you don't feel like a fish out of water if you end up with that opportunity to show you know more than people think you do. The great news is, unless you are involved in a very detailed conversation, high level knowledge usually will be enough to instill confidence. As such, I wouldn't worry too much with specifics, but rather trying to gather a broad base of knowledge to help your own internal confidence. Once you have that foundation, other things start falling into place easier. Understanding PCAP **** is a lot easier once you have a good understand of the OSI layer (as an example)

Exactly. I also just like to learn as much as possible. I never really considered Comptia certs, as in my area they are rarely asked for. Could be smart to go through it anyway, or at least learn the material while pursuing something else. I thought about going for GSEC, but not sure about spending $6000 on my own

NetworkNewb

mnashe wrote: »

I thought about going for GSEC, but not sure about spending $6000 on my own

Yea, I would never pay for those myself. Unless you were doing it via the work-study option.

UnixGuy

I did one of those specialised security roles (DLP)....was bored to tears. Big companies pay a lot for a specialist role. I didn't last, boredom got the best out of the eventually.

mnashe

UnixGuy wrote: »

I did one of those specialised security roles (DLP)....was bored to tears. Big companies pay a lot for a specialist role. I didn't last, boredom got the best out of the eventually.

I can see that, but I can also see for the short term, it might be great for experience.

UnixGuy

mnashe wrote: »

I can see that, but I can also see for the short term, it might be great for experience.

Kind of, you get to learn more about the product and other stuff like governance and some technical details, and you start getting contract job offers that pays really well but it's dangerous because you become extremely silo'd and you only know that one product. I wouldn't do it again