System Engineer to Infosec

dstock7337

I would like some career advice please.

I've been working for my company in the field for 9 years as a Senior Systems Engineer. I am currently finishing a Master's Degree (end of this year) in Information Security and recently took the SSCP (finished endorsement, waiting on final confirmation). I want to get into Info Sec but it seems like whether or not I have the degree/exp, the jobs in this region won't pay as much as I am making right now.

I am well aware of the different avenues I can go in information security and my current interest are in incident response/investigation, vulnerability and risk assessment, ethical hacking - from the perspective of finding weaknesses and recommending fixes, and threat intelligence.

In my career from desktop support to present, I have always had security first and foremost in mind and practice. My company (Fortune 500 company) is large but its HQ is across the country from me. I have an opportunity to take a security position that isn't part of their infosec department currently but is a part of operational support and solutions delivery.
That position will be focused on endpoint security nationwide level, as opposed to just the region that I support presently. It has been said to me that it would be a step stone role where I get full time endpoint security experience, while I wait for something to open up in the actual infosec department. However, the pay is the same I am making now and I would have to pay more for housing than what I'm paying now.

All that being said, does it make sense to go for that role and move across the country while I wait for an opening in what I want to be in? Or should I stay put and wait for a role to open up, at the possibility of loss of pay?

Cuse0311

dstock7337 wrote: »

I would like some career advice please.

I've been working for my company in the field for 9 years as a Senior Systems Engineer. I am currently finishing a Master's Degree (end of this year) in Information Security and recently took the SSCP (finished endorsement, waiting on final confirmation). I want to get into Info Sec but it seems like whether or not I have the degree/exp, the jobs in this region won't pay as much as I am making right now.

I am well aware of the different avenues I can go in information security and my current interest are in incident response/investigation, vulnerability and risk assessment, ethical hacking - from the perspective of finding weaknesses and recommending fixes, and threat intelligence.

In my career from desktop support to present, I have always had security first and foremost in mind and practice. My company (Fortune 500 company) is large but its HQ is across the country from me. I have an opportunity to take a security position that isn't part of their infosec department currently but is a part of operational support and solutions delivery.
That position will be focused on endpoint security nationwide level, as opposed to just the region that I support presently. It has been said to me that it would be a step stone role where I get full time endpoint security experience, while I wait for something to open up in the actual infosec department. However, the pay is the same I am making now and I would have to pay more for housing than what I'm paying now.

All that being said, does it make sense to go for that role and move across the country while I wait for an opening in what I want to be in? Or should I stay put and wait for a role to open up, at the possibility of loss of pay?

Sounds like you have a strong passion for security. Sometimes life is about making sacrifices. It might be a good way for you to get your foot into the door so to speak. I wouldn't wait for something else to come along. It sounds like a good opportunity has come your way. You could always transfer into their infosec department at a later time once you gain some experience. What would you be doing in the operation support and solutions delivery role?

labscloud

Hey, at least it's not a pay cut, plus it places you in a direction for an infosec position at some point in the future. I have to agree, I think this sounds good for you, but only you can decide. Cheers!

dstock7337

Thank you for the input. I would be responsible for delivering and supporting the endpoint security solutions that the sec department wants deployed. I would be working closely with the security dept leads and also with the teams that support our clients in the field. This would involve testing and troubleshooting with the field. Additionally, the role would involve architecture design and diagramming, documentation, evaluating new product solutions, and contribution to security policies and procedures.

ITSec14

In a way it kind of is a pay cut because your expenses would be higher in your new location. It's a move in the right direction though if you want to get into security. I guess it depends on the earnings potential in the new area and how related this new job will be to what your goals are.

Kyrak

I'm in the process of making a lateral move into security at my company right now. Systems Engineer II -> Security Engineer II. Any other company I would probably have to take a pay cut AND come in as a Security Analyst. I say go for it!

UnixGuy

you are more than ready to start an InfoSec role. I would say update your CV and start applying!

TheFORCE

dstock7337 wrote: »

Thank you for the input. I would be responsible for delivering and supporting the endpoint security solutions that the sec department wants deployed. I would be working closely with the security dept leads and also with the teams that support our clients in the field. This would involve testing and troubleshooting with the field. Additionally, the role would involve architecture design and diagramming, documentation, evaluating new product solutions, and contribution to security policies and procedures.

Go for it, I'm currently doing what you just described. My official title is IT security but my manager always refers to the group as Information Security as we are the only team supporting our region.

There's been a shift recently or at least a division within the infosec with the creation of 2 seaprate groups one called information security and the other IT security. With Infosec working mostly of regulations compliance, standards, documentation and policies which then are past down to IT security to implement and push reports up stream to Infosec.

dstock7337

UnixGuy wrote: »

you are more than ready to start an InfoSec role. I would say update your CV and start applying!

Thanks for the feedback. Are you referring to the internal posting or looking outside elsewhere?

dstock7337

ITSec14 wrote: »

In a way it kind of is a pay cut because your expenses would be higher in your new location. It's a move in the right direction though if you want to get into security. I guess it depends on the earnings potential in the new area and how related this new job will be to what your goals are.

Thanks for the reply.

The job role will be very focused on managing and improving endpoint security systems, endpoint compliance reporting, architecture documentation, project planning and presenting,

The roles I have interest in are:
Vulnerability Assessments/Pen Testing
Incident response - investigations
Malware and Attack Research (Intelligence)
Security posture strategy
Ultimately moving into a security architecture/advisory role.

I already create documentation, procedures, RCA write ups, presentations, and technical walk-throughs in my current role.

UnixGuy

dstock7337 wrote: »

Thanks for the feedback. Are you referring to the internal posting or looking outside elsewhere?

Both, I think you are more ready that you give yourself credit for! you have options!

dstock7337

Thanks everyone for the advice. I decided to wait until I finish my Master's this year before starting a new job. They'll be more opportunities later. It'll also give me time to get some additional security certifications and lab work in.