Cybersecurity Career Advice

Donklander

Hi All,

Just looking to get some feedback, as I'm at a crossroad right now as far as my career. To give some background, much of my entry/beginning experience was Help Desk-centric and Networking related with the Army (Prior service). I left and began contracting in network-focused jobs, however I had been eyeing cybersecurity for various reasons. Roughly 2 years later, I landed my first job that is more cyber-related(Essentially run a flavor of Nessus and do Information Assurance functions), so my career is definitely in the direction I'd like. I also took advantage of my GI Bill and am currently working on the SANS MSISE program (Have completed GSEC,GCIA,GCIH) and absolutely love the training.

Now here is where the crossroads begin. From the beginning, I was mostly interested in Pentesting. I know the general concepts and have learned quite a bit, and that's honestly what I'd like to do, so my electives were going to be GPEN, GWAPT, and GXPN. However, the alternate route is more forensics focused, such as GCFE,GCFA, and GSFA, which is something I could easily see myself enjoying as well. My spidey-sense would say the forensics route is safer for employment purposes, especially considering my career is going to be very DoD-centric.

My question is, from those who have performed the more technical roles, why do you do what you do? Would you have changed your mind if given the opportunity? What's the job field look like for either?

Danielm7

First off, congrats as you're definitely going in a good direction. Support, then networking, then vuln management / policy and a ton of SANS training, great stuff.

As for your specific situation, I'd be detailed about job searching in your desired location for pentesting vs forensics. Both are pretty fringe positions in most businesses. There are definitely people who 100% specialize in either function, but it's on the smaller end the spectrum of available jobs. An MS specialty doesn't mean that's your only job options either and whatever you end up doing in security, having a solid background in forensics of offensive tactics can be very helpful too.

As for why I do what I do... I was a systems engineer / JOAT for a long time. I realized I had done a lot of security functions already, it was the more interesting side of the jobs that I had, and defensive type / generalist role matched up pretty well with where I was going. Sometimes I think about changing it up in the future. I've taken classes in a few different areas but some of it comes down to do I really want to fully switch to a very different focus like audit, etc. Are there jobs available? What's the long term career path?

McxRisley

As a former pentester, all I'm going to say is this,

Everybody wanna be a penetster but don't nobody wana do no paperwork.

You can quote me on that if you like lol.

yoba222

I'd avoid a hyper-specialized track until you're already doing that job and know you love it and want more and more. I'd go with the GPEN, GFCA, and your pick for number three.

McxRisley is right. No budding cyber security professional-to-be has ever gone on the English and grammar forums asking for what courses to take so they can pump out 80 page pentest reports like a master writer.

UnixGuy

The GCFA & GCFE will help you not only in Forensics but in general incident response, so they offer a lot of value. As for the GPEN & GPXN, they're also great, so if you can get all of them done through your training that would be ideal. If I had a pick I'd choose GCFA & GPXN .


Depends on what you like, no reason why you shouldn't learn both in your degree and then get experience on the job as you go

MalwareMike

I like Yoba's idea, select GPEN and GCFA then decide on your third course depending on how much you like the forensics and pentest material. From personal experience, I was totally hyped for forensics...did an internship and realize how much I am not built for that kind of work. If you have a chance, shadow or ask people you know who hold these jobs and get their honest feedback on pros and cons.

TechGromit

Donklander wrote: »

My question is, from those who have performed the more technical roles, why do you do what you do? Would you have changed your mind if given the opportunity? What's the job field look like for either?

All I'm gonna say is penetration testing is where most people in cyber security tend to gravitate towards, cause it's "cool", but at the end of the day, companies are really interested in plugging holes, than finding them. While incident response type positions are not as sexy sounding as Ethical Hackers, that is where the money and job security is in the long run. Don’t get me wrong, you can certainly benefit from Penetration testing training and experience, but mainly to you help you identify the holes to plug.

Fadakartel

TechGromit wrote: »

All I'm gonna say is penetration testing is where most people in cyber security tend to gravitate towards, cause it's "cool", but at the end of the day, companies are really interested in plugging holes, than finding them. While incident response type positions are not as sexy sounding as Ethical Hackers, that is where the money and job security is in the long run. Don’t get me wrong, you can certainly benefit from Penetration testing training and experience, but mainly to you help you identify the holes to plug.

Yup I have a friend who is a pentester and they sent him home after 1 year and kept the networking/network security guy seems pentesting is more of a contract/security assessment basis.

the_Grinch

I have to agree with others and say stick to the pentesting with an eye towards incident response. I work in forensics (law enforcement) and the guys that are retiring aren't picking up purely forensic jobs. Very few companies actively employee people who just perform forensic work. Every job posting I see for forensics is really just incident response with a requirement that you know Encase (or whatever tool they use).