Pros and cons of the various IT industries/sectors

c5rookie (CISSP-ISSAP, CCNA, GCED, GCFA, GCIA, GCIH, GCUX, GCWN, GPEN, GWAPT, A+, Net+, Sec+, Linux+, Pentest+), U.S., Member, Posts: 51
I wanted to get some feedback about what people like and don't like about the current IT industry you work in. I'm sure there might be some discrepancies depending on what company people work for as far as work culture, budget, etc., but I thought it might be a good way for people to share experiences and see similarities and differences compared to what sector of IT we're working in now. In addition, for anyone that is seeking a transition, is there a different IT sector or IT job that seems more appealing than what you're doing now?


For me, I currently work with the government sector doing network defense type work. Pros: The stability is good and the work pace is not too demanding. I have some downtime throughout the week to study, which is nice. Since the organization is so large, we encounter various scaling challenges which become a "fun" puzzle to solve. Cons: You're limited to the type of work you can actually perform due to separation of duties policies. Change seems to take forever. If you want to replace a certain vendor or piece of network architecture, it is very difficult to find a suitable replacement. Another downside is that because our group has such a small footprint, getting people to recognize the severity of certain risks seems to be ignored since they don't feel anyone would invest time to attack us. I would like to work in the private sector at some point. Seems like things move a little faster and you might be able to have more at your disposal to work on.

Comments

  • TechGromit (GSEC, GCIH, GREM), Ontario, NY, Member, Posts: 2,017
    edited January 12
    c5rookie said:
    Cons: You're limited to the type of work you can actually perform due to separation of duties policies.
    For any large organization, you're going to run into this type of limitation. The days for giving the keys to the kingdom to one person are long over, unless it's a really small company. For myself, for example, if I decided to go rogue tomorrow, I could use my network access to blow away the network configs and ISO's on about 500 network switches (12 locations) and 50 firewalls, but that's about it. I couldn't crash the entire corporate network. It would take a few days to restore the critical systems, maybe 2 weeks for a full recovery, but that's the limit of the damage I could cause. It would certainly cost the company money to restore, but it wouldn't be a company-crushing action. I recall one case where the system admin was being terminated, and on his way out he set a logic bomb at Omega Engineering Corp. He also deleted all the backups. While the company didn't go out of business, it lost its position in the industry, cost 10 million dollars and resulted in the layoffs of 80 employees.

    In short, this is the main reason why access is departmentalized. It limits the damage exposure of one threat actor, or if their accounts were compromised, an outside adversary can inflict. As for myself, I was able to join the firewall subgroup to learn about setting and applying policies to firewalls for our segment of the company.


    Still searching for the corner in a round room.