role change

tripleatriplea Senior MemberUKMember Posts: 186 ■■■□□□□□□□
hi

so after some thoughts here please?

background is about 18 years in systems admins roles and later working with infosec people unofficially. got myself various certs sscp, ejpt, iso27001LI, cysa, sec+

in 2018 I moved into a role as an information security officer leaving technical behind but I had a good background for my new role. at 48 now I saw this as the role I would be doing for the next 10 years.

sometime early 2019 and theres a company reshuffle and I find myself as an information security officer working with others in a SOC and eventually unoffically now carrying out technical implementations too.

I now have the chance to move over to be a information security engineer full time in the same company. same money as the ISO role (although looking around I know Im underpaid, but with covid will be staying put after seeing how dead/saturated the job market has become). I also got headhunted for another ISO role, different company, for around 8k more but during the second interview for that today decided to withdraw from the application process.

dont know why but moving from governance to technical seems more of a backwards move? does it hurt my resume going forward? I know that I feel much more excited knowing Im going to be implementing and using a siem than reviewing policy docs and banging my head trying to implement controls after audits.

so maybe the bigger question is I thought I could go technical>governance>security management role? as I say does swapping to technical hurt me long term? want to be making more money again at some point.

might look into architect which has elements of both roles or would an analyst be a good route?

just a nagging feeling....

thanks

Comments

  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 502 ■■■■■■■□□□
    These titles all get a little confusing and confused depending on the orgs. Some define them poorly. Information Security Officer is one I'm less familiar with, but the few I've known have been borderline rock stars. So, my initial read on your story seems to suggest ISO to Engineering tasks would be a very slight step back.

    Like so many things, it's really about what you want to do. Is stepping "back" from governance to technical a bad step? Not necessarily. I can also say I've known engineers and even analysts who are the more senior of the whole team in various orgs.

    One common thing, though, is the Architect I've always seen as more experienced and a mix of technical and soft skills. The Architect is the person who designs security controls/solutions that Engineers implement for Analyst consumption/needs. They also work with other org architects to offer security advice. I think coming from both technical and governance backgrounds really helps the Architect, as the Architect is the one who should know regulations and policies and make sure solutions meet them, at a minimum. A good one also can anticipate opportunities to audit/test efficacy of those controls, or set up the Analysts for success when solutions meet their fingertips and logging/choke points are already in place.

    One good thing? You have what sounds like a super experienced background that can likely help you land any job in your area that deals with infosec.

    I think you should turn that SSCP into a CISSP ASAP. I also think you could do any track as well, but CISA/CISM come to mind. For architects, the CISSP-ISSAP isn't well-known, but is a way to go.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2020 goals: AWS Security Specialty, maybe AWAE or SLAE, CISSP-ISSAP?
  • tripleatriplea Senior Member UKMember Posts: 186 ■■■□□□□□□□
    thanks for the comments

    so for info, the information security officer role is one that makes sure all the ISO27001 controls are adhered to and helps with audits, policy reviews, dealing with security incidents etc. One of the reasons I moved over apart from loving getting my teeth into new security implementations is enforcing controls is often like fighting an uphill battle as you get little cooperation from normal IT departments (and coming from ops I do have sympathy with anything that makes more work). Seems extremely painful getting traction on actions in my current company which is why I moved over.

    sometimes cyber analysts can be a purely security monitoring type role or be a combination of both of these roles. It depends on the organisation. I think thats probably where Im headed, the joint role. One of the reasons I want to get the SIEM in is to get 6 months hands on to with something like splunk.

    CISSP wise, I just did the first assessment test in the big book and got in the mid 60's percentage wise so that was encouraging going in stone cold. Need to commit now.

    suppose Im worrying if I go for another ISO role in the future it will look a bit odd? but also having an extra 6 months using security tools has to be seen as a bonus?

    maybe external auditing is the way to go for me if I decide on governance again. that way you tell companies whats wrong and how to improve but dont have to have the hassle of chasing people if they want to remain certified?

    any other thoughts welcomed. 






  • tripleatriplea Senior Member UKMember Posts: 186 ■■■□□□□□□□
    thanks for the comments

    so for info, the information security officer role is one that makes sure all the ISO27001 controls are adhered to and helps with audits, policy reviews, dealing with security incidents etc. One of the reasons I moved over apart from loving getting my teeth into new security implementations is enforcing controls is often like fighting an uphill battle as you get little cooperation from normal IT departments (and coming from ops I do have sympathy with anything that makes more work). Seems extremely painful getting traction on actions in my current company which is why I moved over.

    sometimes cyber analysts can be a purely security monitoring type role or be a combination of both of these roles. It depends on the organisation. I think thats probably where Im headed, the joint role. One of the reasons I want to get the SIEM in is to get 6 months hands on to with something like splunk.

    CISSP wise, I just did the first assessment test in the big book and got in the mid 60's percentage wise so that was encouraging going in stone cold. Need to commit now.

    suppose Im worrying if I go for another ISO role in the future it will look a bit odd? but also having an extra 6 months using security tools has to be seen as a bonus?

    maybe external auditing is the way to go for me if I decide on governance again. that way you tell companies whats wrong and how to improve but dont have to have the hassle of chasing people if they want to remain certified?

    any other thoughts welcomed. 






  • DatabaseHeadDatabaseHead CSM, ITIL x3, Teradata Assc, MS SQL Server, Project +, Server +, A+, N+, MS Project, CAPM, RMP Member Posts: 2,557 ■■■■■■■■■□
    edited June 10
    Unless you've been in an architect role be careful for for what you wish.  I held the positions of Enterprise and Integration Architect and it was nothing like I thought it was going to be.  I quickly bounced on those roles and took a business role, but hey that's just me.  

    Integration Architect was drawing  up diagrams for the system manager.  Payload buildouts, middleware, source system, EDW, Data Lakes etc....   I thought I was going to be in the design team NOPE.  I was documenting all the connectivity.  Don't get me wrong learned a ton on that 6 month project, but at the end of the day wasn't committed enough to do it FTE for the next 5+ years.  

    Enterprise was even weirder.  Literally worked in a think tank on how we could get the company to foster more cultural collobration.  Basically it was a bunch of over educated guys and gals creating powerpoint slides trying to get them into the CIO's slide deck for his next presentation.  

    Like I said be careful for what you wish for. 
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,156 Mod
    I see you have nothing to lose at the moment. Stay in your role and learn as much as you can. The role can be what you make it, so use your role and become a super star in it, become a Splunk expert instead of just an implementer, create playbooks and follow best practices, finish your CISSP & CISM, do a great job in your role and make your company want to keep you and then ask to be transferred to do something else.

    Titles can be all over the place, and you have a great technical background that allows you to do anything, so keep getting more exposure, play with more tools, learn the frameworks that are used in your company (ISO27001). This way, your next role can be anything you want.

    Possible roles: if you get really good at Splunk, you can work for a vendor (like a Splunk), if you get good at frameworks you can take up consulting, if you do well as an analyst/engineer you can become a SOC manager. You can move to architecture too, given than you put in efforts to learn, get certs for architecture, and perform well in your role.

    Goal: MBA, Jan 2021
  • tripleatriplea Senior Member UKMember Posts: 186 ■■■□□□□□□□
    So sometimes its just being in the right place at the right time.

    When my old team lead left one of the recruiters he used just happened to show him a job which he passed on to me at another company.
    Just completed all 3 interviews and have been offered the job as an security specialist/consultant. Basically bringing them up to iso27001 from scratch, doing some technical projects, improving their current security posture and advising on product roll outs, handling incidents. Gonna be much to learn but also gonna be fun.

    And its now just 10 minutes up the road on a motorbike and an extra 8k a year.

    Will be dropping my old company in it (not intentional on my part) as I'm literally the last security member in the place and they have been very slow to recruit (and Im not sure if I was being strung along, happy for me to do 2 jobs and I was certainly getting underpaid according to outside market postings and advantage being taken of me, but you reap what you sow)

    Nice to see that hard work pays of if you put the effort in. 



  • Neil86Neil86 Member Member Posts: 151 ■■■■□□□□□□
    Great to hear. Congrats on the new role!
Sign In or Register to comment.