Security or Network Manager - need an outside opinion

MitMMitM Member Posts: 622 ■■■■□□□□□□
Sorry in advance for the long post.

I've been in IT for long time now. I've worked in different areas of IT, such as desktop support, server administrator, network engineer and currently for the past year as a infosec manager.

As mentioned, I was working as a network engineer when I made the jump to infosec manager at my current place.  I've always been a technical person. For the past few years, my focus was (and still is) network security, but my current position covers all aspect of security, including o365 security, vuln mgmt, pci complaince, policies and auditing. That's just a few.  I don't handle nor do we have a SOC, Incident Response team, Red team etc. The infosec team consists of me.

I'm like most people on here, always trying to learn and improve my skills. What I'm noticing is when I'm at home learning or watching webinars for my CPEs, I'm still only focusing on network security. Same with certs, except I did get the CISSP. I don't really see myself pursuing offensive security certs or CISM.  I understand the importance but some thing s in security like risk management bore me lol

I do like my current position, but there may be a network engineer manager opening (nothing definite). I'm wondering if it makes sense for me to go for it.  The pros i see are I'll go back to handling network security, salary/benefits are the same. The cons are its not just network security, I'll also go back to dealing with r&s, wireless, voice too.

I don't want to base my decision on only my current employer. I need to consider future opportunities too.

I value the opinions of the very smart TE folks, so I'd love to hear what everyone thinks


Comments

  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    It depends on what you want to be honest. If it were me I'd choose the Infosec manager job, but you seem to enjoy network security more.

    I'd say, see where you want to see yourself 5-10 years from now, and walk backward.  Do you want to be a technical expert in network security? do you want to be a senior manager? two different paths.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    @MitM from my experience in the teams that I've been part of is that the manager doesn't always have knowledge of all the fields Infosec related.

    What you need to do is know enough even if it bores you. Focus on the things you know well and hire other team members for the things you don't know or don't want to do. It also makes things easier for the team for each person to have a dedicated role. For example,  if your team is doing vulnerability management,  hire someone whos role will be just that.  That's what we are doing. 
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I'd probably also try to define what "manager" is at any company. If you're the only one doing security at your current job, and no one reports to you, then sure, you "Manage security" but you aren't really a manager by most company standards. You might be stuck on the title and see things like network manager at another company and it might be a more typical manager role where you have a team of network engineers under you and your job is to manage them. 

    I realize that it sounds like you're talking about an opening at your own company which does that sort of naming. But, if you branch out to other companies and look at available jobs you might want to consider changing up the title to look for something more fitting of what you enjoy, or currently do. 
  • MitMMitM Member Posts: 622 ■■■■□□□□□□
    Thanks for the responses

    @UnixGuy - If I were to leave my current employer, for the next 5-10 years I see myself more as a technical expert/architect

    @TheFORCE - I agree with you, makes sense. Not currently an option for me though :smile:

    @Danielm7 -  Absolutely. I'm the only one currently, but if we add head count, that person will report into me. For the network manager position, I'd already have people reporting to me, but it would also be a hands on technical role.  In my company, all IT managers are also hands on.  Definitely not stuck on the manager title, this was needed for salary needs :smiley:

    I think what I'm trying to figure out is since my focus is more network security, does it make sense to stay on the network side of things.  Not sure where this responsibility goes at other companies.




  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Nothing wrong with a network security focus if that is what interests you, plenty of work there. As I'm sure you're aware, titles in security are all over the map and infosec/security/ITsecurity/Cybersecurity/network security might all be different things in different companies so I try not to get too hung up on the specific titles. I think as long as you take the same outlook on networks, things changing all the time, etc, that you'd take in infosec, then you'd be good going forward. I know too many people in the networking field who think nothing has changed in the last 15 years and could be in for a surprise in the future. 
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    edited December 2018
    I'd go for it, mainly so you can have some time in a position with manager in the job title that also includes managing people--even if only a very small handful.

    Not meaning that in any kind of condescending way--I think that having security manager on the resume for a year or so, and then a second manager position on there as well would be valuable to me.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • MitMMitM Member Posts: 622 ■■■■□□□□□□
    @Danielm7 - Totally agree with your last point.  I think that applies for other areas too. I refuse to be that person haha

    @yoba222 - I've had a number of promotions with my current employer, so I agree, it surely wouldn't hurt the resume.

    Honestly, titles don't really mean much to me. For the same salary/benefits, they can call me network engineer or security engineer, security analyst, network analyst.  I will say companies need to do a better job with infosec titles.  

    I'm not currently looking to leave my current employer. I always want to be prepared though, just in case. I think if the opportunity presents itself, I may go for it. I don't think I can go wrong either way



  • thomas_thomas_ Member Posts: 1,012 ■■■■■■■■□□
    If it's a title change to manager with no salary increase, then, sure why not?  If you're actually going to have an increase in the number of direct reports without additional compensation, then I don't know if I would do it.  I just don't think it's worth all of the extra headaches of managing other people without a pay increase.  It could easily turn working at a company from something you liked to something that you really can't stand anymore.  Your salary as an individual contributor is one thing, but the same salary as a manager with direct reports is something completely different.
Sign In or Register to comment.