Autonomy in InfoSec

Hello TE world,

Which field in InfoSec would you say has the most autonomy, I mean a situation where you can just obtain the skills needed and then be able to work for yourself. I used to assume it was mainly the CISA certification however I'm seeking some clarification.

egrizzly.

Find more posts tagged with

Comments

dustervoice

You can work for yourself doing anything! but to your point maybe PENTESTING.

cyberguypr

You can't circumscribe it to a single cert. There are very succesful independent consultants for basically every Infosec discipline. The question is how long will it take you to develop those skills and market them.

TheFORCE

Work for yourself as making your own company or taking side gigs and contracts or work for yourself the issues of tasks you are assigned without involving other team members?

yoba222

Consulting. You pick the specialty.

beads

Vulnerability research is the only path I have ever seen that would allow you to work completely solo, at home and on your own time. For instance, you find the right vulnerability and Google coughs up to 500k. Usually less but finding unknown exploits can be very lucrative.

For most of us a single certification isn't going to provide you with a stable income. Most commonly its dedication, hard work and attention to detail that provide a stable enough income to consult for any length of time. Unfortunately, much of the security field in general is contract anyhow.

Good luck,

b/eads

egrizzly

...so to put it simply, penetration testing is what you're vaguely saying provides the most autonomy. Pen Testers find vulnerabilities in company servers working as white hat hackers.

beads wrote: »

Vulnerability research is the only path I have ever seen that would allow you to work completely solo, at home and on your own time. For instance, you find the right vulnerability and Google coughs up to 500k. Usually less but finding unknown exploits can be very lucrative.

For most of us a single certification isn't going to provide you with a stable income. Most commonly its dedication, hard work and attention to detail that provide a stable enough income to consult for any length of time. Unfortunately, much of the security field in general is contract anyhow.

Good luck,

b/eads

egrizzly

TheFORCE wrote: »

Work for yourself as making your own company or taking side gigs and contracts or work for yourself the issues of tasks you are assigned without involving other team members?

the latter

EnderWiggin

egrizzly wrote: »

the latter

In that case, you can do it with pretty much any specialty. You just have to be better than the majority of the other people whom specialize in that area, and find a boss that likes results.

ISACA_your_blood

I agree with another poster that bug bounties are a good way to go if you want ‘full autonomy’, but you need to be confident in your fuzzing and pentesting skills. In other words, dont give up your day job to pursue it as the opportunities and rewards are unpredictable. Consulting is obviously a good start, but you’re still beholden to your clients’ expectations. For general infosec, the CISA and ISO LA routes could be an option. IMO auditing provides the best opportunity to be ‘independent’, given that it is a core tenet of the profession.