Advice Please About Information Security Field

vip1982 Member Posts: 8
Hello Everyone,

I'm really confused and I need your help please. I have 10 years' experience in IT infrastructure, risk management and network domains. Now I work as an IT manager, 35 years old.

As the demand in the security field has increased dramatically recently, I'm thinking of starting to move toward the security domain by taking CISSP (I already have Security+), then I will take CISM and so on. The question is "is it too late?" Is it the right path for me, or shall I go for more management stuff? I mean, is it possible with my past experience in general IT areas to one day be a security manager after getting the required experience and certificates?

I really appreciate your opinion on this. Thank You :)

Comments

  • Danielm7 Member Posts: 2,310
    You lost me at 35 being too old for anything. You're already working in management, but wondering if a longer term plan of security manager is out of reach, no, it's not. Your cert plan sounds fine, I'd try to get some security management under your current role first before moving on if that's even possible, even if it's a project or two so that you can highlight it going forward. Am I missing something or were you planning on going full technical security first then into management again?
  • EnderWiggin Member Posts: 551
    Danielm7 wrote: »
    You lost me at 35 being too old for anything.
    "Don't trust anyone over 30!"
  • NetworkNewb Member Posts: 3,298
    vip1982 wrote: »
    is it possible with my past experience in general IT areas to be one day security manager after getting the required experience and certificates?

    "Why wouldn't you be able to?" is a better question.

    Pretty crazy you think 35 might be "too late" to do anything.
  • TechGuru80 Member Posts: 1,539
    Are you trying to do technical InfoSec duties? CISSP and CISM are good for management roles and based on your stated experience you have already been managing some technical InfoSec tasks....configurations, risk management, etc.

    Get the CISSP and start applying for InfoSec manager positions...should be not too difficult to break into InfoSec.
  • vip1982 Member Posts: 8
    Thank you for the encouraging replies, guys! What makes me wonder if it is too late or not is the very young people we are seeing on a daily basis, with amazing skills and brilliant minds. That makes me feel old.

    However, I will proceed with my CISSP and take your advice to start being involved in real security projects, like I can start risk management at our department and ask everyone, as I'm the boss, to participate in it.

    Thank you guys! It is a great place to have career advice.
  • beads Member Posts: 1,531
    You may find security to be more of a step back or down depending on what you consider to be a "hands on manager" or not. Unless you're working for a very large corporation you're more likely to be doing a great deal of scut work like log review and chasing down weird things that go bump in the night types of things.

    Yes, there is a huge need for security people but we need security people with tons of HANDS ON experience who can work well with other SMEs and troubleshoot next to the administrators, engineers, developers and architects and on a good day of the week talk sense to the CEO and Board of Directors. I've gone from being in the Billionaire's office one hour to reviewing dock video the next and troubleshooting non-security related connectivity and scrum meetings in the afternoon. Lots of variety but next to no management level tasks. Done both but tech skills will always be in need while I can train monkeys to stay out of my hair and refer to themselves as management. Hands on skills win the day and paycheck. Opinions... not so much.

    Depends on your ability to learn fast and apply that knowledge to the task at hand. Security is a lot like sales: "What have you done for me lately?"

    Ask what people really do in security all day instead of what security can offer you. It's often surprising as to what people really do, particularly if you're really good at the field. I get whiplash working at so many levels all day long but still do all my own log analysis, budgets, risk analysis (RIOTT, FAIR, COBIT and NIST R4/R5), scripting, vulnerability and vendor management, et al. in a highly regulated HIPAA and PCI-DSS environment.

    I have no direct reports but make up for it by working 11 hours a day Monday-Friday and 4 on the weekends. Well compensated for it but we cannot, like everyone else, find skilled enough help to make it worthwhile.

    - b/eads
  • vip1982 Member Posts: 8
    Thank you, Beads, for the interesting reply.

    Actually, what makes me take this step, besides that I really enjoy working on security tasks more than anything else, is the fact that I'm moving from one country to another, which is Canada, maybe by next year. So, as per many articles and answered questions, finding a job in Canada is not that easy, and they consider experience inside Canada more than any other place. Therefore, finding a manager job is difficult with ZERO experience in Canada; plus, as a manager I will not be specialized in one field due to the necessity of having a general broad experience in most of the IT domains.

    So, my plan is to be somehow specialized in one domain which I like, so even if I started as maybe a security analyst or something similar, that is better than starting as a system administrator. Otherwise, if I were not in the situation of moving to another country, I would prefer to have more certificates on the business management side like Six Sigma, Lean management and so on. So, what do you think, is what I'm planning right?
  • Bjcheung77 Member Posts: 89
    Do you already have a degree? Or just years of experience and some industry certificates? Being a manager at one company is great, but that might go too well with another company. Then the added factor of moving to another state or country. My suggestion is, weigh your pros/cons before moving, extend your education to at least an Associates level, and continue on with the certs. Does your company pay for your certs/education? or is this out of pocket? Research positions in other states/companies and see what is required, I would choose to obtain certs or at least an Associates degree in what is required.
  • vip1982 Member Posts: 8
    Yes, I have a master's degree in information system management. I have already done research on the most required IT jobs in Canada, and I discovered that I want to have CISSP because I love security, but this is not the best choice in my situation. After I did the research I found that most of the required jobs in Canada are asking for ITIL, PMP, Six Sigma and Microsoft certificates.

    And as Beads said, for security jobs they are asking for long hands-on experience more than the certificate. So, I'm taking this decision and I'm sad to do so: I will forget about security for now, and I have to study something else. But I'm sure when I have extra time I will take CISSP.

    Thank you guys for the great help.