Pentesting vs Network Security Admin

scenicroute Member Posts: 56
Considering two paths to go down in the long run:

One would be red team/pentesting work, and eventually some sort of higher level managerial role for which I'd do something like OSCP and then CISSP.

The other would be network security administration where I could work with Cisco security appliances, and I'd do CCNP Sec and eventually CCIE Sec.

I'm not sure which I'd enjoy more, which has better future prospects, or exactly what the ups and downs of each would be like. So any feedback is helpful. I have a little exposure to each and I'll be gaining more this year, but not enough yet to make a well-formed opinion.

Comments

  • fabostrong Member Posts: 215
    Crazy you said this because I was just going to make a post on the same thing.

    I'm very interested in offensive security/red team/pentesting work as well. With that being said, I'm not sure what the job market is like for that kind of work. I'm not sure what the growth looks like for a pentester. Is it generally junior pentester to senior pentester? What's the ceiling for pentesting?

    I'm also pretty interested in network defense. I feel like the growth and opportunity for this is probably more considering every company wants to secure/shield their network and minimize losses if/when breached. It also seems like most certifications or at least most certifications that appear on resumes are related to network defense.

    So yeah, I'm also unsure about which route to go. Looking forward to people's thoughts on this.

    Thanks OP!
  • scenicroute Member Posts: 56
    fabostrong wrote: »
    Crazy you said this because I was just going to make a post on the same thing.

    I'm very interested in offensive security/red team/pentesting work as well. With that being said, I'm not sure what the job market is like for that kind of work. I'm not sure what the growth looks like for a pentester. Is it generally junior pentester to senior pentester? What's the ceiling for pentesting?

    I'm also pretty interested in network defense. I feel like the growth and opportunity for this is probably more considering every company wants to secure/shield their network and minimize losses if/when breached. It also seems like most certifications or at least most certifications that appear on resumes are related to network defense.

    So yeah, I'm also unsure about which route to go. Looking forward to people's thoughts on this.

    Thanks OP!

    Our dilemmas may be a little different as your mention of network defense and said description seems a lot like blue team work. I already figured out blue team work doesn't interest me. Network security administration, on the other hand, deals more with administering and configuring security appliances, and doesn't deal as much with threat response, incident handling, etc. like blue team work does.

    As far as pentesting goes, I know it pays very well if you're a sole proprietor. But working for other people, I'm not sure. I do believe IT security in general will always be around and there should always be some level of opportunity. But as to how good those opportunities will be over the next 10 years, or how stressful/enjoyable the work will be, I'm not sure. Network security administration, on the other hand, may dry up in the near future. That's my one worry about going down that road. How many organizations really need a CCIE Sec person?

    These are just some of the things I'm trying to figure out.
  • NetworkNewb Member Posts: 3,298
    I've always wondered if a Network Security Admin role was almost too specific, as a lot of Network Admins/Engineers seem to just take care of those things at most places I've seen. Not saying these roles don't exist at all.
  • scenicroute Member Posts: 56
    NetworkNewb wrote: »
    I've always wondered if a Network Security Admin role was almost too specific, as a lot of Network Admins/Engineers seem to just take care of those things at most places I've seen. Not saying these roles don't exist at all.

    I think you'll mostly see these types of roles at large organizations, where the infrastructure is so vast that it's just not practical for a single person to manage it. Then it might make sense to have an expert-level person just focused on the security appliances.
  • Blucodex Member Posts: 430
    scenicroute wrote: »
    Considering two paths to go down in the long run:

    One would be red team/pentesting work, and eventually some sort of higher level managerial role for which I'd do something like OSCP and then CISSP.

    The other would be network security administration where I could work with Cisco security appliances, and I'd do CCNP Sec and eventually CCIE Sec.

    I'm not sure which I'd enjoy more, which has better future prospects, or exactly what the ups and downs of each would be like. So any feedback is helpful. I have a little exposure to each and I'll be gaining more this year, but not enough yet to make a well-formed opinion.

    I'm a Security Admin for a medium-sized healthcare company. After a security audit from a contractor it was determined that they needed a full-time security guy; that's how my role became available. Prior experience was as a SysAdmin with limited security exposure.

    What this means is that I am currently dealing with everything security related in an environment that previously only had a Cisco ASA with no modules as a security posture. Well, there was the AV product that was two major revisions behind, at least the definitions were mostly up to date. I'm starting my OSCP training this Saturday.

    Here is what I have found. There is so much to learn. And I recently have had interviews for a Cyber role with a prominent contractor as well as a few Fortune 500 companies. Most want people with a lot of experience in a few key products. I think the pen-test jobs are few and far between and they want someone with a very strong background as an engineer. I also believe it's not going to be as glamorous as most people associate it with being, i.e., the movie Swordfish. If anything will be a good indication for you it will be your OSCP experience.

    With that being said, I am fortunate enough to be in a position that I can build out the security infrastructure and delegate my time as I see fit. Just swapped out the old firewall for a "nextgen" product, working on new AV solution, vulnerability assessment and remediation, pen-test, anything under the sun that is considered "security" I am free to research, request, and implement (assuming approval).

    The downside is I am a little underpaid for my background but then again I am crossing over into a new role so how can I demand the wages of a CISSP with 7+ years of security experience? But the amount of experience I am getting as the sole security admin is awesome.

    You need to ask yourself what your goal(s) with each position would be. Do you like to travel? Would you want to work for one company or do project work being exposed to many environments and people? For me personally, I think the goal is to one day be skilled enough that I would be a pre/post sales guy. Maybe I will hate the travel after a while but it would at least be free travel and a lot of fun for a few years.
  • NetworkNewb Member Posts: 3,298
    Blucodex wrote: »
    With that being said, I am fortunate enough to be in a position that I can build out the security infrastructure and delegate my time as I see fit. Just swapped out the old firewall for a "nextgen" product, working on new AV solution, vulnerability assessment and remediation, pen-test, anything under the sun that is considered "security" I am free to research, request, and implement (assuming approval).

    Good info Blucodex! This is kinda how I see most higher level security roles and what I want to end up doing.
  • scenicroute Member Posts: 56
    @Blucodex I think my main goal is just to find something I can enjoy doing on some level. My reservation with pentesting is I'm afraid I'll spend 14 hours a day staring at a command line, doing things like running nmap scans. It's ironic you mention the Hollywood glamour, because I have this image of it being tedious. But I don't yet have enough experience to know for sure what a full-time job as a pen tester would be like.

    I just started working on my CCNA Security, so I think my level of interest at the end of the process will at least tell me something about whether I want to go further down the Cisco route.
  • Queue Member Posts: 174
    Depends on how big the networking team is if you can specialize in just the security appliances. Eventually this organization I'm with wants to deploy ISE so I'm hoping I can be a big help in the future with that. I've been told that we tried port security in the past and the administration was just too much to handle. ISE is something they may warrant a full focused position on network security appliances. We're also in the midst of a new ASA deployment in which we'll split the Firepower management out to the security team and we'll still manage the ACLs. Some stuff we manage is also going away in the future like the use of AnyConnect; I believe everything will just use a different client side secure connection with Citrix.

    However, routing and switching are still fundamental. Also CCIE security would probably mean you were sufficient in an ISE deployment so I see that as being an incredible goal.
  • MitM Member Posts: 622
    My ideal role sounds like what Blucodex is doing. My interest lies more in Network Security Administration, but without the typical Network Admin/Engineer duties.

    scenicroute wrote: »
    Our dilemmas may be a little different as your mention of network defense and said description seems a lot like blue team work. I already figured out blue team work doesn't interest me. Network security administration, on the other hand, deals more with administering and configuring security appliances, and doesn't deal as much with threat response, incident handling, etc. like blue team work does.

    Just curious, what doesn't interest you about Blue Team work?
  • scenicroute Member Posts: 56
    MitM wrote: »
    Just curious, what doesn't interest you about Blue Team work?

    Basically the same thing I fear I may not like about red team work. I just found blue team work to be very tedious, constantly staring at traffic feeds looking for things that seem out of the ordinary. Several hours of that is enough to make me crazy and want to just go be a landscaper instead.
  • JoJoCal19 Mod Posts: 2,835
    I'd love to get into pentesting but to get into the really good positions, it's highly competitive and the stuff that the top practitioners know and can do is pretty mind boggling. I read through a Reddit AMA that a company did, which was focused mainly on appsec, but also other pentest areas, and the stuff just blew my mind. I am still going to pursue the knowledge as it's what I would like as my backup skillset.

    I can say that the network security stuff does really interest me as well and I keep my eye on the Cisco security realm. The main reason I don't pursue that area of knowledge is that it's really a use it or lose it type of knowledge/skill and I can more easily participate in CTFs, and do vulnhub machines to keep up hacking skills.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • UnixGuy Mod Posts: 4,570
    Depends on the organisation, but the title Network security is usually given to people who manage firewalls, proxies, etc., even Active Directory in some places, so it depends. Pentesting is a niche within Security, but be mindful that being a Pentester will not make you a Security Architect who designs a full security solution, for example; it's just a different path.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 
