Autonomy in InfoSec

egrizzlyegrizzly Posts: 253Member ■■□□□□□□□□
Hello TE world,

Which field in InfoSec would you say has the most autonomy, I mean a situation where you can just obtain the skills needed and then be able to work for yourself. I used to assume it was mainly the CISA certification however I'm seeking some clarification.

egrizzly.

Comments

  • dustervoicedustervoice Posts: 876Member ■■■□□□□□□□
    You can work for yourself doing anything! but to your point maybe PENTESTING.
  • cyberguyprcyberguypr Senior Member Posts: 6,587Mod Mod
    You can't circumscribe it to a single cert. There are very succesful independent consultants for basically every Infosec discipline. The question is how long will it take you to develop those skills and market them.
  • TheFORCETheFORCE Posts: 2,224Member
    Work for yourself as making your own company or taking side gigs and contracts or work for yourself the issues of tasks you are assigned without involving other team members?
  • yoba222yoba222 Posts: 882Member ■■■■□□□□□□
    Consulting. You pick the specialty.
    Obtained: A+ | Network+ | Security+ | CySA+ | PenTest+ | CAPM | eJPT | CCNA R&S | CCNA CyberOps | GCIH | LFCS
    2018: Virtual Hacking Labs
    2019: eCPPT &/or OSCP | CISSP
  • beadsbeads Posts: 1,403Member ■■■■■■■■□□
    Vulnerability research is the only path I have ever seen that would allow you to work completely solo, at home and on your own time. For instance, you find the right vulnerability and Google coughs up to 500k. Usually less but finding unknown exploits can be very lucrative.

    For most of us a single certification isn't going to provide you with a stable income. Most commonly its dedication, hard work and attention to detail that provide a stable enough income to consult for any length of time. Unfortunately, much of the security field in general is contract anyhow.

    Good luck,

    b/eads
  • egrizzlyegrizzly Posts: 253Member ■■□□□□□□□□
    ...so to put it simply, penetration testing is what you're vaguely saying provides the most autonomy. Pen Testers find vulnerabilities in company servers working as white hat hackers.
    beads wrote: »
    Vulnerability research is the only path I have ever seen that would allow you to work completely solo, at home and on your own time. For instance, you find the right vulnerability and Google coughs up to 500k. Usually less but finding unknown exploits can be very lucrative.

    For most of us a single certification isn't going to provide you with a stable income. Most commonly its dedication, hard work and attention to detail that provide a stable enough income to consult for any length of time. Unfortunately, much of the security field in general is contract anyhow.

    Good luck,

    b/eads
  • egrizzlyegrizzly Posts: 253Member ■■□□□□□□□□
    TheFORCE wrote: »
    Work for yourself as making your own company or taking side gigs and contracts or work for yourself the issues of tasks you are assigned without involving other team members?

    the latter
  • EnderWigginEnderWiggin Posts: 549Member ■■■■□□□□□□
    egrizzly wrote: »
    the latter
    In that case, you can do it with pretty much any specialty. You just have to be better than the majority of the other people whom specialize in that area, and find a boss that likes results.
  • ISACA_your_bloodISACA_your_blood Posts: 6Member ■□□□□□□□□□
    I agree with another poster that bug bounties are a good way to go if you want ‘full autonomy’, but you need to be confident in your fuzzing and pentesting skills. In other words, dont give up your day job to pursue it as the opportunities and rewards are unpredictable. Consulting is obviously a good start, but you’re still beholden to your clients’ expectations. For general infosec, the CISA and ISO LA routes could be an option. IMO auditing provides the best opportunity to be ‘independent’, given that it is a core tenet of the profession.
Sign In or Register to comment.