Security career advice

Hi,
I've been looking to jump over to InfoSec. However, although working with the InfoSec guys and being a system admin, I am finding it hard to make the transition. There are roles but there are not that many without direct experience. (I'm SSCP and Sec+ and help the InfoSec team out a lot but I'm still a system admin at the end of the day.)
Now the original plan was to do something like a security engineer transition but I'm hopefully being offered a Security Officer role (doing 2nd interview tomorrow as a face to face). I like many parts of that role but it's mainly not technical. Do that role for 18 months and hopefully grab either a CISSP or some more tech certs. Hopefully means as an IT Security officer I may bypass the majority of HR filters. Feel I could get some good cross training there as will cover things like DLP etc.
Do you think this is a valid career path or hold on? (I may well enjoy that role and not want to leave anyway.)
Thoughts please?
Comments
As for your plan, you are at a crossroads right now. As you observed, the Security Officer is less technical and I am guessing more administrative. You seem to be a person who enjoys the hands-on (nothing wrong with that BTW, I enjoy hands-on). There are career paths that are technical, with Security Architect being the pinnacle and, to my understanding, paying pretty well. If you are really a hands-on technical person, look for those jobs. As a Sys Admin, there's lots you can do to harden operating systems and domains and gain infosec experience.
Good luck with whatever route you take.
Let's see if I ace the interview then decide if that's the job track I really want.
Take the role if you get it, and work on certs on the side as you plan to do. The only thing I suggest you do differently is actually give the role a chance even if it's not very technical; you might enjoy it and learn a lot of new things, like governance for example. Take it, work on certs, and be open to the opportunities that this role might open.
Good luck
I'm a Security Analyst and our team works directly quite a bit with Sys and network teams. Infosec tends to be the end goal for many.. but working closely with System Admins and them seeing what we do day to day... many don't want those responsibilities. (Compliance, paperwork etc)
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
I interviewed for a security information officer, really good company, benefits, manager seemed nice.
I did a 20 min phone call with the interviewing manager and that went well, good rapport, can I come in for a face to face?
Did face to face for an hour and everything seemed good, all positive. Only thing I had to raise was that I’m working alongside the infosec officer in current company so very aware what he does, reporting, risk registers etc etc. And what would be chased of the technical side for instance because he would be chasing me. Ran through with him that it’s not just IT infosec looks after (not in a showing off way but just so he knew I knew what we were expecting). He led most of the interview etc which is fine and I was able to mainly answer. I did say though that I didn’t do the job directly and was looking to transition (hence the running through what I knew). I also spoke with the company’s security engineer who was also there (he used to be in the position I’m going for). I openly discussed with him how a lot of companies wanted to get experienced security people in but there were a lot of companies who didn’t want to invest and this was a general problem. The interviewing manager did say in the interview that there’s always a few ways to get into that role, mainly from a technical background or auditing. The technical guy also said that that was the problem he found when he went for the information security role so I think he was onside. Manager also seemed happy that I had done security exams off my own back and continued development, also wanted to go for CISSP at some point.
Feedback to recruiter very positive, confident and knowledgeable. Only 3 went through to face to face stage and I was the front runner. Can we have another conversation as hiring manager wants to raise 2 concerns.
Anyway we had the conversation yesterday for 20 mins and all seemed fairly good. I also spoke to the manager and wanted to run through a few questions to check the role was what I thought it was (it is, same as the security officer in my current job) and I wanted to make sure I would be happy so I could be a good fit for them. Asked to clarify what a typical week would include (he replied actually that’s a really good question and ran me through). The recruiter told me I came across again very confident, enthusiastic and engaging throughout the whole process and how I handled the call (and would be a good team fit) but also they are also interviewing someone else and will let me know by mid next week (manager’s off till then). Recruiter also told me they normally just turn people down if they don’t consider them a good match for the role. Recruiter had someone else turned away.
Now this other person applied direct apparently and the hiring manager wants to see ‘what else was out there’ not from a recruiter. Now if this guy is already an information security officer I suspect they will get it due to already being in the field (I do see the logic in fairness).
Cheers.
Looks like happy days for me then as they phoned me back and I was offered the job after nearly 3 weeks from face to face interview.
Only slight problem is I got attracted to another job (whilst this took so long and I thought I was out of the game) and I’m being phone interviewed for that next Tuesday. This one is for security analyst rather than information security officer. Might have a bit more technical in it. Slightly less pay.
Don’t know what to do now...